crush

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill extracts sensitive GPS coordinates from user photos through the tools/photo_analyzer.py script to build relationship timelines.
  • [EXTERNAL_DOWNLOADS]: The tools/screenshot_parser.py utility makes outbound network requests to api.openai.com (or a user-defined OPENAI_BASE_URL) to process image data via Vision APIs.
  • [DATA_EXFILTRATION]: The skill documentation in SKILL.md and README.md contains misleading security claims stating that "Nothing is uploaded to external servers." In reality, the screenshot parsing feature transmits potentially sensitive user chat data (images) to remote API providers.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted data from external chat logs and social media which is directly interpolated into generated persona instructions and the final executable SKILL.md file.
      • Ingestion points: Chat logs and social media text processed by wechat_parser.py, imessage_parser.py, qq_parser.py, screenshot_parser.py, and social_parser.py.
      • Boundary markers: Absent; external data is placed into Markdown templates without robust delimiters or instructions for the agent to ignore embedded commands.
      • Capability inventory: The skill utilizes the Bash, Read, Write, and Edit tools to manage files and execute parsing scripts.
      • Sanitization: None; the scripts perform extraction using regular expressions but do not filter for malicious instruction patterns.
  • [COMMAND_EXECUTION]: The skill relies on the high-privilege Bash tool to run its suite of internal Python scripts for data parsing and version management.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 05:57 AM