skills/openclaw/skills/brain/Gen Agent Trust Hub

brain

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's setup instructions suggest that the agent or user install a command-line tool directly from a personal GitHub repository (https://github.com/tobi/qmd). This source is not verified as a trusted organization or vendor.
  • [COMMAND_EXECUTION]: The skill documentation explicitly directs the agent to execute shell commands like 'mkdir', 'mv', and 'cp' to organize its internal file structure and manage attachments. It also includes instructions to modify the 'PATH' environment variable.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and store content from untrusted external sources, such as transcribing menus, business cards, or other user-provided documents.
      • Ingestion points: Data enters the agent context through 'memory_search' and 'memory_get' operations on files stored in the brain/ workspace.
      • Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore potential commands embedded within the stored notes or transcribed text.
      • Capability inventory: The agent has permissions to write to the file system and execute shell commands, which could be exploited if malicious instructions are processed.
      • Sanitization: There is no evidence of content validation or sanitization before the ingested text is presented to the LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 07:31 PM