The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its use of the WebFetch tool to retrieve page content. Ingestion points: External data enters the agent context from URLs provided by the user (referenced in SKILL.md and references/analysis-workflow.md). Boundary markers: No explicit delimiters are used to isolate untrusted web content from the agent's instructional logic. Capability inventory: The agent can read local files (Templates/Bases/*.base) and make network requests. Sanitization: There is no mention of sanitizing or validating the structure of the fetched HTML before the agent evaluates it for selectors.\n- [DATA_EXFILTRATION]: The skill accesses local files in the Templates/Bases/ directory to understand the user's data schema. While this is intended behavior for mapping properties, it constitutes a read-access capability to local files that could be targeted for exposure via malicious inputs.

obsidian-clipper-template-creator