sensorkit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted text data from keyboard and speech sensors, creating a potential surface for indirect prompt injection.
  * Ingestion points: The skill accesses text data from keyboard activity metrics (SRKeyboardMetrics) and speech-to-text transcriptions (SRSpeechMetrics) as detailed in references/sensorkit-patterns.md.
  * Boundary markers: No delimiters or boundary markers are suggested to isolate sensor-derived text from the agent's operating instructions.
  * Capability inventory: The skill enables broad access to high-sensitivity sensors, including motion, location, and physiological data, which increases the potential impact of a successful injection.
  * Sanitization: The provided implementation patterns lack any logic for sanitizing or filtering transcribed speech or keyboard data before processing.
- [DATA_EXFILTRATION]: The skill details how to access highly sensitive user data, posing a significant risk of data exposure.
  * Documentation explains how to retrieve granular typing behavior (sentiment, words, speed), speech transcriptions from phone calls and Siri, and facial expressions via the TrueDepth camera.
  * The skill provides patterns for tracking location history and visits to sensitive locations like home and work via the SRVisit sensor.
  * It also facilitates access to biometric and physiological data including heart rate, ECG, and PPG streams.
  * While no external network exfiltration code is included, the accessibility of this private data by an AI model represents a privacy risk if the model's output is shared with external parties.
Audit Metadata