The Agent Skills Directory

[DATA_EXFILTRATION]: The skill reads sensitive configuration and environment files to retrieve user data and integration secrets.
Reads ~/executive-assistant-skills/config/user.json for personal identifiers including emails and contact numbers.
Sources {user.workspace}/.env, which typically contains API keys and other sensitive credentials for the assistant's tools.
[COMMAND_EXECUTION]: The skill utilizes several command-line interfaces to interact with third-party services.
Executes todoist-cli to review and manage user tasks.
Executes gog to list calendar events, search Gmail messages, and perform the destructive drafts delete action.
Executes mcporter to query meeting notes and action items from Granola.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from external, untrusted sources.
Ingestion points: Data is ingested from Gmail email subjects, calendar event details, and Granola meeting action items.
Boundary markers: No delimiters or instructions are used to prevent the agent from obeying commands embedded within the fetched data.
Capability inventory: The skill has the capability to delete Gmail drafts and exfiltrate data to an external WhatsApp number.
Sanitization: There is no evidence of sanitization or validation of the ingested external content before it influences the agent's logic.

executive-digest