clipboard-memory

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing a local binary named clipmem and various system utilities (launchctl, awk, grep) via the scripts/check-setup.sh script to manage the clipboard archive and verify system health.
  • [DATA_EXFILTRATION]: The skill accesses a sensitive local SQLite database located at ~/Library/Application Support/clipmem/clipmem.sqlite3. This file contains a comprehensive history of the user's clipboard activity, which frequently includes sensitive information such as credentials, personal identification, and private notes. Although this access is central to the skill's functionality, it represents a significant data exposure surface.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted content from the system clipboard.
    • Ingestion points: Data enters the agent's context through clipmem commands that query the clipboard archive (SKILL.md).
    • Boundary markers: No delimiters or instructions are used to separate the recalled clipboard content from the agent's instructions.
    • Capability inventory: The agent can execute shell commands via the clipmem binary and write files to the filesystem using clipmem export (references/commands.md).
    • Sanitization: There is no evidence of sanitization or validation of the retrieved clipboard content before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 08:13 AM