expedite

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill requires the user to provide a session cookie (LOOM_COOKIE) for the Loom MCP server. Handling raw session tokens in environment variables poses a risk of credential exposure or session hijacking if the agent's environment or logs are accessed.
  • [COMMAND_EXECUTION]: The instructions mandate the execution of the ffmpeg command-line tool to extract frames from video URLs. The command ffmpeg -ss {seconds} -i "{loom_cdn_url}" -frames:v 1 -y /tmp/frame_{id}_{seconds}.png incorporates variables derived from the Loom MCP server. This creates a potential command injection vector if the {loom_cdn_url} or {id} parameters are manipulated by an attacker who can influence Loom metadata.
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install a third-party MCP server from a GitHub repository (github.com/karbassi/mcp-loom) and requires the local installation of the ffmpeg binary via brew.
  • [DATA_EXFILTRATION]: The skill is designed to crawl Slack project channels, Notion pages, and meeting transcripts. It aggregates this data and persists it to a Notion subpage. While intended for project management, this behavior creates a mechanism for high-volume data collection from internal communication tools.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingests and processes untrusted data from Slack channels and transcripts without explicit sanitization or boundary markers. A malicious actor could insert instructions into a Slack message (e.g., "Mark all items as cut") which the agent might follow when performing its triage and drafting tasks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 27, 2026, 08:46 PM