The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the spark command-line tool to query the user's local mailbox and calendar data. Commands like spark emails, spark thread, and spark search are used to retrieve information from the Spark macOS desktop application.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external sources (email bodies and meeting transcripts).
Ingestion points: Commands such as spark search, spark thread, and spark meeting --transcript ingest content from emails and meetings that may contain malicious instructions.
Boundary markers: There are no instructions provided to wrap external content in delimiters or to use "ignore embedded instructions" warnings, increasing the risk that the agent may follow instructions found within an email.
Capability inventory: The skill currently has read-only access to email and calendar data via the spark CLI. However, if the agent has access to other tools in its environment (e.g., file writing or web browsing), an injected instruction could lead to further exploitation.
Sanitization: No sanitization, escaping, or validation of the retrieved content is mentioned in the instructions.

use-spark