The Agent Skills Directory

[SAFE]: An audit of the skill's content, including SKILL.md and all referenced files, confirms that the skill is purely instructional. No malicious patterns, persistence mechanisms, or unauthorized access attempts were detected.\n- [NO_CODE]: The skill contains no executable source code (Python, Node.js, or Shell scripts), which significantly minimizes the attack surface and prevents risks associated with remote code execution or privilege escalation.\n- [PROMPT_INJECTION]: There are no instructions that attempt to bypass safety filters or override system constraints. Regarding indirect prompt injection (Category 8): 1. Ingestion points: The agent ingests user-provided CRM and GTM data. 2. Boundary markers: No explicit delimiters are used to wrap untrusted data. 3. Capability inventory: The skill has no capabilities to execute commands or interact with external systems. 4. Sanitization: Not applicable as the input is used only for generating text-based recommendations.\n- [DATA_EXPOSURE]: The skill instructs the agent to read local context from files like '.agents/product-marketing-context.md'. This is a legitimate request for organizational context and does not involve hardcoded credentials or data exfiltration.

revops