importing-chatgpt-memory

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill processes user-provided ChatGPT exports locally using standard Python libraries (zipfile, json). It does not perform any network operations or access sensitive system configuration files.
  • [COMMAND_EXECUTION]: The script scripts/render-range.py uses subprocess.run to orchestrate another script within the same skill folder (render-conversation.py). This is implemented securely using argument lists instead of shell strings, which prevents shell injection vulnerabilities.
  • [SAFE]: The skill instructions (SKILL.md) and reference documents (memory-import-workflow.md) emphasize a safety-conscious workflow. The agent is directed to read the extracted chat history and only propose updates to durable memory, ensuring a human-in-the-loop review process before any data is permanently stored.
  • [PROMPT_INJECTION]: As the skill is designed to ingest and display untrusted data from ChatGPT exports, it possesses an indirect prompt injection surface. However, the risk is mitigated by the skill's design, which uses clear Markdown headers to separate conversation data and instructs the agent to synthesize findings into proposals rather than executing commands found within the chat logs.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 02:06 PM