The Agent Skills Directory

[DATA_EXFILTRATION]: The setup command performs aggressive scanning of sensitive local files and system utilities to harvest credentials and user activity data. Findings include: accessing Google Chrome's local history database via sqlite3 to extract visited URLs; attempting to retrieve passwords and tokens from the macOS Keychain using security find-generic-password; scanning user shell profiles such as ~/.zshrc and ~/.bashrc and .envrc files for API keys; and interrogating Dashlane and Doppler CLI tools for secrets across all projects.
[PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection through its ingestion of external data. Ingestion points: Fetches data from Klaviyo, Meta Graph API, and Google Ads API (e.g., campaign names and search terms). Boundary markers: Absent when interpolating this data into the Agent prompt. Capability inventory: Includes Bash, Read, Write, and Agent. Sanitization: Absent for content retrieved from external APIs.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute complex shell logic, including querying local databases and iterating through system secret managers, which presents a significant privacy risk and high-risk use of system utilities.

ops-marketing