
things-mac

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the things binary from a third-party GitHub repository (github.com/ossianhempel/things3-cli) using the Go toolchain. This source is not verified and is not on the trusted vendors list, so the agent runs whatever that repository serves at install time.
  • [COMMAND_EXECUTION]: The skill works by executing shell commands through the things CLI. It interpolates user-controlled data, such as task titles and notes, directly into those command strings. If such a string is re-parsed by a shell, quotes and metacharacters in a title can terminate the intended command and start another, so the skill's safety rests on the underlying tool and on how the command is invoked rather than on any escaping the skill itself performs. The skill also instructs users to grant 'Full Disk Access', a high-privilege macOS permission, to the calling application so it can read the local Things database; that grant applies to everything the application does, not only to this skill.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads task and project data from the local database and presents it to the agent as context. Content planted in the Things 3 application (for example, instructions written into a task's notes) is read back as if it were trusted and could steer the agent's behavior.
  • Ingestion points: Data enters through commands such as things inbox, things today and things search, which read from the local SQLite database.
  • Boundary markers: Nothing delimits the retrieved task data as untrusted, and the agent is given no instruction to ignore commands embedded in it.
  • Capability inventory: The skill can write to the database and trigger URL schemes via the things add and things update commands.
  • Sanitization: Database content is not sanitized or validated before the agent processes it.
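The COMMAND_EXECUTION finding is the classic shell-interpolation pattern. The script below is an added example written for this page; it is not code from the audited skill, from the things3-cli project, or from the audit itself. It assumes the CLI takes the task title as a positional argument to `things add` (an assumption; check the tool's own usage), and it replaces the real binary with a stub shell function that only prints its argv, so nothing touches a Things 3 database and the script runs without the CLI installed. The hostile title is constructed for the demonstration.

```sh
#!/bin/sh
# Added example: a task title spliced into a shell command string versus the
# same title passed as a single argv element.

# Stub standing in for the real `things` binary: prints one line per argument
# so it is visible exactly what the command received. Not the real CLI.
things() {
  for a in "$@"; do
    printf 'ARG:%s\n' "$a"
  done
}

# Constructed hostile task title (not taken from the audited skill). The embedded
# quote closes the argument, `;` ends the command, and the trailing quote keeps
# the remainder of the command string syntactically valid.
PAYLOAD='Buy milk"; echo INJECTED; echo "'

# Vulnerable pattern: the title is interpolated into a command string that the
# shell re-parses. Assumes `things add <title>` is the CLI's syntax (assumption).
unsafe_add() {
  eval "things add \"$1\""
}

# Hardened pattern: the title is one argv element. Quotes and metacharacters
# inside it reach `things` as data and are never interpreted as shell syntax.
safe_add() {
  things add "$1"
}

# Returns 0 when running the named function with the payload produced a bare
# "INJECTED" line, i.e. a command other than `things` was executed.
injected() {
  "$1" "$PAYLOAD" | grep -qx 'INJECTED'
}

echo '--- unsafe_add: shell re-parses the title ---'
unsafe_add "$PAYLOAD"
echo '--- safe_add: title stays a single argument ---'
safe_add "$PAYLOAD"
```

Run it with `sh` and compare the two sections: the unsafe form prints an `INJECTED` line that did not come from the stub, while the safe form prints exactly two `ARG:` lines, the second being the whole payload unchanged. The same distinction applies to any language an agent uses to launch the CLI: build an argument vector rather than a command string.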
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 01:23 AM