claw-me-maybe
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from various external messaging platforms (WhatsApp, Telegram, Signal, etc.) through the Beeper API. Data is retrieved through curl commands from endpoints like /v1/chats/{chatID}/messages and /v1/messages/search. The instructions provided to the agent lack boundary markers to encapsulate this external data and do not include warnings to ignore instructions that might be embedded in the retrieved messages. The agent's ability to send messages and reactions through the API creates a capability loop that could be exploited by malicious message content. No evidence of content filtering or sanitization is present in the skill definition.
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands, specifically curl and jq, to communicate with the local Beeper Desktop API running on port 23373. This command execution is the intended primary mechanism for the skill's operations and is directed at a local service.