PrivateInvestigator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The workflows in Workflows/ReverseLookup.md and Workflows/SocialMediaSearch.md require the installation of external tools holehe and sherlock-project using pip install. These are not standard skill dependencies and are installed at runtime without version pinning or integrity checks.
  • [PROMPT_INJECTION] (MEDIUM): SKILL.md contains instructions to load and apply PREFERENCES.md from a specific local directory (~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/PrivateInvestigator/) which "override default behavior". This represents a mechanism for local instruction injection that can alter the agent's core safety or operational logic.
  • [COMMAND_EXECUTION] (SAFE): SKILL.md includes a curl command used for sending notifications to localhost:8888. Because localhost is a whitelisted domain and the command is used for status signaling rather than code execution or exfiltration, it is considered safe.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests large amounts of untrusted data from external websites (search aggregators, social media, public records) and uses that data to influence subsequent tasks, tool calls, and report generation.
    ◦ Ingestion points: Web results from 15 parallel research agents in Workflows/FindPerson.md (Step 2) and social media scrapers.
    ◦ Boundary markers: Absent; results are compiled directly into profiles and reports without delimiters or instructions to ignore embedded commands.
    ◦ Capability inventory: curl (SKILL.md), pip (Workflows/ReverseLookup.md), and multi-agent orchestration tools.
    ◦ Sanitization: No sanitization or validation logic is specified for data retrieved from external sources before it is processed by the LLM.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:51 PM