The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The pnote skills pull command fetches agent skill files from the vendor's cloud and saves them to ~/.claude/skills/. This allows for the dynamic introduction of new logic or capabilities to the agent's environment without requiring a manual update of the base skill.
[COMMAND_EXECUTION]: The skill executes shell commands using the pnote CLI through a Bash(pnote *) tool, where the agent supplies the command arguments.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from the content of retrieved notes and snippets. 1. Ingestion points: Note data is retrieved from a remote database via pnote notes get and pnote search. 2. Boundary markers: There are no delimiters or instructions to ignore embedded commands within the retrieved note content. 3. Capability inventory: The skill has access to the pnote CLI which can perform network operations and file system modifications. 4. Sanitization: No validation or sanitization of note content is performed.
[CREDENTIALS_UNSAFE]: The documentation includes the -p <pin> and --pin <pin> flags for authentication, which can lead to sensitive PINs being exposed in the shell's command history if used as described.

pnote