The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill ingests untrusted data from arbitrary URLs using the WebFetch tool to identify metadata and CSS selectors.
Ingestion points: Website content retrieved via WebFetch as described in references/analysis-workflow.md.
Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the fetched HTML/JSON-LD content.
Capability inventory: Network read (WebFetch), local file read (Templates/Bases/*.base), and template generation.
Sanitization: The instructions recommend verifying selectors against the fetched content but do not include specific sanitization or escaping of the retrieved data before it is processed by the agent's reasoning logic.
[Data Exposure & Exfiltration] (SAFE): The skill reads from a specific directory (Templates/Bases/) to align with user templates. This is restricted to application-specific files and does not target sensitive system paths or credentials.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): No external package managers or remote script executions were detected in the skill files.

obsidian-clipper-template-creator