memory-management
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to Indirect Prompt Injection by design, as it incorporates untrusted data into its core logic for intent decoding.
  - Ingestion points: The bootstrapping process scans chat, calendar, email, and documents (SKILL.md).
  - Boundary markers: No delimiters or ignore-instructions markers are defined for the ingested data.
  - Capability inventory: The skill writes to persistent local files (CLAUDE.md and memory/) which directly influence how the agent translates 'shorthand' into executable actions.
  - Sanitization: There is no evidence of filtering or validation for content extracted from external documents.
- [DATA_EXFILTRATION] (MEDIUM): While no active network exfiltration is present, the skill centralizes highly sensitive organizational context—including project budgets ($1.2M), deal sizes ($2.3M), and internal reporting structures—into plaintext files, creating a high-value target for subsequent attacks.
Recommendations
- AI detected serious security threats
Audit Metadata