The Agent Skills Directory

[PROMPT_INJECTION]: The skill incorporates untrusted data into its automation workflows, which creates a surface for indirect prompt injection. * Ingestion points: User-provided data enters through placeholders such as {{text_to_process}}, {{task}}, {{notes}}, and {{input}} in the SKILL.md file. * Boundary markers: The prompt templates do not use delimiters or explicit instructions to ignore embedded commands within the input. * Capability inventory: The skill uses the apple-mcp server to execute shortcuts, manage reminders, and create notes, which are capabilities that could be targeted by malicious input. * Sanitization: No validation or sanitization of input data is performed before it is passed to the Apple ecosystem tools.

Apple Shortcuts Integration