The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill requires the user to grant "Always Allow" keychain access to the pyoverleaf tool on macOS. This enables persistent extraction of browser cookies (sensitive authentication credentials) from the system keychain.
[EXTERNAL_DOWNLOADS]: The skill downloads and installs an external package pyoverleaf from a third-party repository (github.com/jkulhanek/pyoverleaf) without verification of the source's trustworthiness or integrity.
[COMMAND_EXECUTION]: The skill uses the run_terminal tool to execute various CLI commands and a bundled bash script (scripts/sync-to-overleaf.sh) for syncing files, creating a broad attack surface for shell-based interactions.
[DATA_EXFILTRATION]: The skill has the capability to read sensitive authentication cookies and local project files, and transmit them to external Overleaf servers, which could be abused to exfiltrate data.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the processing of untrusted data.
Ingestion points: Reads content from LaTeX files on Overleaf using pyoverleaf read (referenced in SKILL.md).
Boundary markers: Absent. No delimiters or instructions are used to separate user data from agent instructions.
Capability inventory: Includes run_terminal for shell execution, write_file for file system modification, and network access via the pyoverleaf CLI.
Sanitization: Absent. External content from LaTeX files is read and potentially used in the agent's context without validation or filtering.

inno-rclone-to-overleaf