The Agent Skills Directory

[DATA_EXFILTRATION]: The skill reads from a local database file located at ~/.claude/secretary/secretary.db. This access is used for legitimate productivity analysis, such as tracking project sessions and goals, and does not include any network-based exfiltration commands.
[COMMAND_EXECUTION]: Uses Bash to interact with the local SQLite database. The commands are confined to performing data queries and scoring calculations related to the skill's primary function. No privilege escalation or unauthorized system modifications are present.
[PROMPT_INJECTION]: The skill processes untrusted data from the local database (e.g., commitment titles, goal names). While this presents a surface for indirect prompt injection, there are no instructions designed to bypass agent constraints or redirect core behavior.
Ingestion points: SQL queries in SKILL.md that read from the commitments, sessions, goals, decisions, and patterns tables in secretary.db.
Boundary markers: Absent.
Capability inventory: Read, Bash, Glob, and Grep tools are available to the skill.
Sanitization: No explicit validation or filtering of database content is specified before the data is processed for reporting.

executive