health-data

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute shell commands and Python scripts using parameters derived from user input. It explicitly supports 'Custom SQL' and direct sqlite3 execution against a local database, providing a direct path for injection attacks if the input is not strictly validated.
  • [DATA_EXFILTRATION] (HIGH): The skill accesses ~/data/health.db, which contains sensitive personal health metrics. Exposure of this data (even without explicit network exfiltration in the instructions) represents a critical privacy risk, as the agent could be induced to output this data or summarize it in ways that leak private information.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill ingests untrusted user queries and possesses the capability to execute commands and read files based on those queries. No boundary markers or sanitization protocols are described to prevent an attacker from crafting inputs that manipulate the SQL logic or access unauthorized local resources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:12 AM