executive-assistant

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently invokes shell commands and external scripts. Evidence includes:
      • Execution of osascript to interface with Apple Calendar.
      • Execution of local shell scripts such as scripts/weekly-brief.sh.
      • Execution of Python scripts like scripts/job_search_hub_sync.py to generate scorecards.
  • [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the agent to 'write Python code' at runtime to fetch and process data from Gmail, Things 3, and Calendar. Generating and executing code dynamically, rather than going through standard tool calls, increases the risk of unintended behavior if the generated logic is flawed or manipulated.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection through its data ingestion points.
      • Ingestion points: Reads up to 50 unread emails via gmail.get_unread(50) and daily calendar events.
      • Boundary markers: None identified; the skill does not use delimiters or instructions to ignore embedded commands in the data it processes.
      • Capability inventory: Full Python execution environment, shell access (osascript, bash), and file system write access (job_search_hub.json).
      • Sanitization: No evidence of sanitization, filtering, or validation of the content retrieved from emails or calendar events before it is processed by the agent.
  • [DATA_EXFILTRATION]: While no explicit exfiltration to a malicious domain is hardcoded, the skill accesses highly sensitive personal information (emails, private calendars, financial tasks). The combined capability of reading this data and executing arbitrary Python code creates a significant data exposure risk.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 10:19 PM