The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from Alibaba supplier messages.
Ingestion points: Supplier messages are read from the browser via mcp__claude-in-chrome__read_page in SKILL.md.
Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands when processing supplier replies.
Capability inventory: The agent can perform browser actions (click, type, navigate) and write to the local file system in ~/.claude/supplier-conversations/.
Sanitization: There is no evidence of sanitization or validation of the text retrieved from the external website before it is used to influence the negotiation logic.
[COMMAND_EXECUTION]: The skill makes extensive use of the mcp__claude-in-chrome__computer tool to simulate user interactions (clicking and typing) within a browser session where the user is required to be logged in. This represents a significant capability that could be abused if the agent is misled by malicious input from the web pages it visits.

alibaba-supplier-outreach