The Agent Skills Directory

[DATA_EXFILTRATION]: Accesses sensitive local file paths associated with the flomo desktop application to extract authentication credentials.
Evidence: The script scripts/flomo_to_nblm.py and documentation in SKILL.md specify reading authentication tokens from ~/Library/Containers/com.flomoapp.m/.../leveldb.
[REMOTE_CODE_EXECUTION]: Dynamically loads and executes a Python module from a calculated local path using importlib.
Evidence: In scripts/flomo_to_nblm.py, the load_local_api_module function uses importlib.util.spec_from_file_location and spec.loader.exec_module to load a helper script from a sibling directory (flomo-local-api/scripts/flomo_local_api.py). This bypasses standard static import checks.
[EXTERNAL_DOWNLOADS]: Fetches files from remote URLs found within memo content using network libraries.
Evidence: The download_attachment function in scripts/flomo_to_nblm.py uses urllib.request.urlopen to download resources to the local file system when the asset-mode is configured to copy.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted HTML content for conversion into Markdown intended for AI consumption.
Ingestion points: Memo content HTML is retrieved from the flomo API and processed in scripts/flomo_to_nblm.py.
Boundary markers: The generated Markdown output does not include explicit delimiters or instructions to ignore embedded commands.
Capability inventory: The script has the ability to write files to the output directory and make network requests via urllib.
Sanitization: While BeautifulSoup is used to convert HTML structure to Markdown, no semantic filtering is performed to prevent instructions embedded in the memos from influencing downstream LLM behavior.

flomo-memo-to-markdown