The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to capture and store untrusted data from human interactions (e.g., "Quote of the Day", "Notable Interactions") into markdown files. This creates a surface for indirect prompt injection if the agent later processes these logs for reflection or summarization.
Ingestion points: Human-provided text via interactions and quotes processed into templates/daily.md and stored in memory/diary/.
Boundary markers: Absent. User input is interpolated directly into markdown templates without delimiters or "ignore" instructions.
Capability inventory: scripts/export.py invokes subprocess.run to call the pandoc utility.
Sanitization: No evidence of sanitization or escaping for user-provided strings before they are written to disk or processed by the AI.
Command Execution (SAFE): scripts/export.py executes system commands using subprocess.run to convert markdown files to PDF or HTML using pandoc. The arguments are passed as a list rather than a shell string, which is a secure practice that prevents typical command injection. This operation is essential to the stated primary purpose of the skill.

agent-chronicle