linkding
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The SKILL.md file uses mandatory language to force agent behavior. Instructions such as 'MANDATORY SKILL INVOCATION' and 'YOU MUST invoke this skill (NOT optional)' attempt to override the agent's standard decision-making logic. The script explicitly claims that failing to use the skill 'violates your operational requirements,' which is a common instruction override pattern.
- [CREDENTIALS_UNSAFE]: The skill is configured to access sensitive credentials, specifically the 'LINKDING_API_KEY', stored in the '~/.homelab-skills/.env' file. The bash script 'scripts/linkding-api.sh' loads these credentials at runtime to authenticate API requests.
- [COMMAND_EXECUTION]: The skill utilizes a bash script 'scripts/linkding-api.sh' to execute shell commands and perform network operations via 'curl'. While the script uses 'jq' to sanitize data for JSON payloads, the ability to execute shell scripts provides a significant capability surface.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing external bookmark content.
  * Ingestion points: Untrusted data such as bookmark titles, descriptions, and notes enter the context via the 'bookmarks', 'get', and 'check' commands in 'scripts/linkding-api.sh'.
  * Boundary markers: There are no delimiters or instructions provided in the skill to ensure the agent treats the retrieved bookmark metadata as untrusted data rather than instructions.
  * Capability inventory: The skill has access to network resources and local shell execution through its scripts.
  * Sanitization: Although 'jq' is used for JSON formatting and URI encoding, no sanitization or validation is performed to prevent malicious natural language instructions within the bookmark metadata from being interpreted by the agent.