macos-agent-development

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Finding categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements logic in WeChatMonitor.swift (SKILL.md) to programmatically extract sensitive user data, including message content, sender names, and timestamps from the WeChat application using AXUIElementCopyAttributeValue. This data is then serialized and printed to standard output for external processing.
  • [COMMAND_EXECUTION]: The InputWriter.swift module (SKILL.md) uses AXUIElementSetAttributeValue to perform UI automation by injecting text into application input fields, allowing the agent to take control of user interface elements based on external commands.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its IPC mechanism in SKILL.md. The CommandReceiver class reads JSON commands from standard input and executes handlers using data provided in the payload without validation.
  • Ingestion points: CommandReceiver.startListening reads untrusted data from stdin.
  • Boundary markers: Absent; commands are processed directly without delimiters or safety instructions.
  • Capability inventory: The agent possesses UI read (AXUIElementCopyAttributeValue) and UI write (AXUIElementSetAttributeValue) capabilities across WeChatMonitor.swift and InputWriter.swift.
  • Sanitization: Absent; content received via IPC is directly passed to the Accessibility API for UI interaction.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 12:25 AM