my-tesla

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill stores sensitive Tesla API tokens in a local file at ~/.tesla_cache.json. While it attempts to set restrictive permissions (chmod 0600), the presence of plaintext-equivalent tokens in the home directory is a security consideration.
  • [COMMAND_EXECUTION]: The skill executes commands that control physical vehicle functions such as locking/unlocking, opening the trunk, and adjusting charging parameters. Many of these actions are protected by a --yes confirmation flag.
  • [DATA_EXFILTRATION]: The skill can retrieve and output sensitive vehicle location data. Precise coordinates are accessible via the location --yes command.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from the Tesla API (e.g., vehicle names, status strings), which could contain malicious instructions for the agent.
      * Ingestion points: Data retrieved from the Tesla Owner API through the teslapy library in scripts/tesla.py.
      * Boundary markers: None identified in the skill instructions or command descriptions.
      * Capability inventory: Subprocess calls to scripts/tesla.py for vehicle control (unlock, climate, trunk) and local database operations for mileage tracking.
      * Sanitization: Documentation mentions a 'sanitized' report object, but raw API payloads are accessible via specific flags.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:14 AM