til

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill recommends several patterns for executing shell commands that incorporate user-influenced data, which may lead to injection vulnerabilities if inputs are not strictly sanitized.
      • The 'Safe API call pattern' suggests using node -e to process TIL content into temporary files, which involves interpolating user-controlled strings directly into a Node.js script string.
      • The image upload instruction uses the command npx @opentil/cli image upload <path> where the path is dynamically detected from the conversation history.
  • [EXTERNAL_DOWNLOADS]: The skill dynamically fetches and executes tools from the NPM registry to maintain functionality.
      • It uses npx to download and run the @opentil/cli package for self-updates and image uploads.
      • It performs version checks against the NPM registry to provide update notifications to the user.
  • [PROMPT_INJECTION]: Features that extract information from conversation history are vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: Scans the active conversation history and user-provided raw material to identify TIL-worthy insights.
      • Boundary markers: Does not mandate the use of delimiters or 'ignore' instructions when the agent processes the extracted conversation data.
      • Capability inventory: Can execute curl, node, and npx commands and perform file operations in the user's home directory (~/.til/).
      • Sanitization: Relies on the agent's internal logic for content generation, although it suggests using JSON.stringify within a node -e script for payload serialization.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive API tokens and profile information stored in local files.
      • It reads and writes bearer tokens in the ~/.til/credentials file.
      • It implements security controls by enforcing chmod 600 permissions on the credential file to prevent access by other local users.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 10:01 AM