The Agent Skills Directory

[DATA_EXFILTRATION]: The skill includes instructions to access and summarize highly sensitive and private data sources. Specifically, the 'Sam Mode' described in SKILL.md and _references/sam-report-template.md directs the agent to 'Fetch ALL Slack channels Tyler is in — Including DMs' and 'Fetch Gmail for key email threads'. This behavior automates the extraction of private communications into report files stored in the workspace (pm-workspace-docs/status/activity/sam/), creating a high risk of unauthorized exposure of credentials, private discussions, or sensitive company information.
[COMMAND_EXECUTION]: The skill utilizes local shell commands, specifically git log and the GitHub CLI (gh pr list), to extract activity data from the local repository and GitHub. These are executed as part of the data collection phase in SKILL.md.
[PROMPT_INJECTION]: The skill exhibits a significant Indirect Prompt Injection surface by ingesting untrusted data from Slack, GitHub, Linear, Notion, and Gmail.
Ingestion points: Data enters the agent context through SLACK_FETCH_CONVERSATION_HISTORY, GOOGLESUPER_FETCH_EMAILS, and Linear/Notion MCP tools.
Boundary markers: The skill lacks explicit boundary markers or delimiters in its report templates to wrap external content.
Capability inventory: The agent has the capability to execute shell commands (git, gh), write files to the workspace, and potentially send Slack DMs with the output.
Sanitization: No sanitization or validation of the external content is mentioned before interpolation into the report templates.

activity-reporter