OSINT

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for status notifications and environment management. In SKILL.md, the agent is directed to use curl to send POST requests to http://localhost:8888/notify and jq to parse data from ~/.claude/MEMORY/STATE/current-work.json for directory resolution.
  • [DATA_EXFILTRATION]: The skill accesses local configuration and state files within the ~/.claude/ directory to manage investigation context and work directories. While this is used for internal state management, it involves programmatic access to sensitive local filesystem paths.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process large volumes of untrusted data from external sources, creating a significant Indirect Prompt Injection surface.
  • Ingestion points: Data is ingested through multiple researcher agents (Perplexity, Claude, Gemini, Grok) that fetch web content, social media data, and public records as defined in Methodology.md and various workflow files.
  • Boundary markers: The workflows do not specify the use of boundary markers or instructions to the LLM to ignore potentially malicious embedded directives in the gathered OSINT data.
  • Capability inventory: The skill environment has access to shell commands (curl, jq) and various technical reconnaissance tools (subfinder, amass, assetfinder) mentioned in CompanyTools.md and EntityTools.md.
  • Sanitization: There is no evidence of data sanitization, filtering, or validation of the external content before it is incorporated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 08:35 AM