The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill strongly recommends the global installation of the @tobilu/qmd NPM package (npm install -g @tobilu/qmd) to enable its primary indexing and search capabilities. This is an external dependency from a third-party developer that is not categorized as a well-known service or trusted organization.
[COMMAND_EXECUTION]: The skill performs various shell operations for environment setup and maintenance. This includes detecting the project environment (ls -d .git, ls -d .obsidian), creating and moving files for the wiki structure (mkdir, cp, mv), and utilizing git diff to identify changes in the codebase for automated documentation updates.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to read and process arbitrary project files (the 'Raw Source') to generate its knowledge base. This creates a surface where malicious instructions hidden in a project's code or documents could be executed by the agent during the ingestion process.
Ingestion points: Raw source files (code and markdown) are ingested into the agent context via the qmd tool or direct file reading (SKILL.md, INGEST operation).
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within the source data are defined in the instructions.
Capability inventory: The skill possesses capabilities to write to the file system, execute git commands, and run the qmd CLI tool.
Sanitization: No sanitization or filtering of the content read from the source files is specified before the data is processed by the LLM.

peach-wiki