The Agent Skills Directory

Persistence Mechanisms (HIGH): The script references/setup_automation.sh creates a macOS LaunchAgent by writing a .plist file to ~/Library/LaunchAgents/ and loading it with launchctl. This enables the skill to run code automatically on a persistent schedule without user interaction.\n- Data Exposure & Credentials (MEDIUM): The skill's setup process involves capturing a user's API key and writing it to ~/intelligems-analytics/.env. Storing secrets in plain-text configuration files increases the risk of credential exposure to other local processes with access to the user's home directory.\n- Command Execution (MEDIUM): Multiple files (setup_workspace.sh, setup_automation.sh, and SKILL.md instructions) perform direct shell commands including virtual environment creation, pip installations, file system modification, and system service management.\n- Data Exfiltration (LOW): The references/ig_slack.py module includes functionality to send data to external Slack webhooks provided at runtime. While the destination is user-defined, it establishes a network pathway for data to leave the local environment.

intelligems-core