paper-archive

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands including ls, mkdir, and mv to manage files within the user's ~/Downloads, iCloud Drive, and Obsidian vault. These operations are necessary for the skill's purpose of archiving and renaming files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its handling of untrusted data from PDF files.
      • Ingestion points: Metadata such as titles, abstracts, and author names are extracted from PDF files found in the ~/Downloads directory using the Read tool.
      • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore potentially malicious instructions embedded within the PDF text during extraction.
      • Capability inventory: The extracted metadata is interpolated into shell commands for file renaming/moving and into Markdown templates for note creation. This includes the mv command and file-writing operations.
      • Sanitization: While the skill lacks formal sanitization of the extracted text, it includes mitigation strategies such as requiring explicit user confirmation of proposed filenames/categories (Step 4) and a mandatory rule to quote all file paths to prevent basic shell command injection.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 7, 2026, 04:21 PM