note-taker
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands to manage the git workflow and process notes. It runs `git` commands for commits and pushes, and invokes `bash scripts/redact_check.sh` and `python3 scripts/update_readme_overview.py` (if available) within the workspace environment.
- [DATA_EXFILTRATION]: The skill's core functionality includes `git push`, which automatically uploads note content and attachments to a remote repository. This constitutes intentional data transfer to an external service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through note processing. (1) Ingestion points: It reads user-supplied text, voice summaries, and files (SKILL.md, Workflow Step 1). (2) Boundary markers: No explicit delimiters are used to isolate user content from instructions. (3) Capability inventory: The skill can write files, execute shell commands, and perform network requests (`git push`). (4) Sanitization: While it includes a script to redact secrets (`scripts/redact_check.sh`), it does not filter or sanitize executable instructions that could be embedded in the notes to influence the agent's behavior during task extraction or backlog review.
Audit Metadata