The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell commands like mv, ls, and find to manipulate files based on their names and metadata. Evidence: Execution of commands such as mv ~/Desktop/*.pdf ~/Documents/Organized/ and find ~/Downloads -type f -exec md5sum {} +. Risk: If a file name contains shell metacharacters such as semicolons, backticks, or pipes, it could lead to arbitrary command execution when processed by the shell.
[PROMPT_INJECTION]: The skill processes file names as an indirect prompt injection surface. Ingestion points: The skill reads file names and metadata from ~/Desktop/ and ~/Downloads/ to perform semantic categorization. Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore or escape instructions that might be embedded within file names. Capability inventory: The skill possesses file system capabilities including moving files (mv), creating directories (mkdir), and listing/searching files (ls, find). Sanitization: There is no evidence of shell-escaping, input validation, or sanitization logic to handle special characters in file names before they are interpolated into executable strings.

smart-desktop-organizer