file-organizer

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute various shell commands to analyze and modify the filesystem.
      • Evidence: Instructions include the use of ls, find, du, mkdir, and mv to process user directories.
      • Context: These commands are used to categorize files, identify duplicates via hashing (md5), and move files into new structures. While these are necessary for the skill's primary purpose, they represent a capability for significant filesystem modification.
  • [DATA_EXFILTRATION]: The skill accesses potentially sensitive user directories (Documents, Projects, Downloads) to analyze file metadata and contents.
      • Evidence: Commands like find [target_directory] -type f -exec file {} \; and du -sh scan the contents of user-specified directories.
      • Context: Although the skill does not contain explicit network exfiltration patterns, the broad read access to sensitive personal data is a prerequisite for exposure.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of filenames and directory structures.
      • Ingestion points: Filenames and paths are read into the agent's context using ls and find (SKILL.md).
      • Boundary markers: The instructions do not specify explicit delimiters or sanitization for handling filenames that might contain shell metacharacters or malicious instructions.
      • Capability inventory: The skill possesses the ability to move and delete files based on its analysis (SKILL.md).
      • Sanitization: No explicit sanitization or validation of the input filenames is instructed, relying on the underlying agent's default safety behaviors.
  • [SAFE_PRACTICES]: The skill includes several safety-oriented instructions to mitigate risk.
      • Evidence: The instructions explicitly mandate that the agent "Always ask for confirmation before deleting" and "Present a clear plan before making changes."
      • Context: These human-in-the-loop checkpoints significantly reduce the risk of accidental or malicious data loss.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 10:28 AM