Sales

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill uses extremely authoritative and coercive language ('MANDATORY', 'REQUIRED', 'not optional', 'MUST') in SKILL.md to force the agent to execute a background shell command (curl) immediately upon invocation. This overrides standard agent behavior and bypasses discretionary execution.
  • [COMMAND_EXECUTION] (HIGH): The skill explicitly instructs the agent to run arbitrary shell commands.
    ◦ Evidence in SKILL.md: A curl command to localhost:8888 is mandated to be run in the background.
    ◦ Evidence in Workflows/CreateSalesPackage.md: A bun run command executes a local TypeScript file (~/.claude/skills/art/Tools/Generate.ts) with interpolated prompt arguments.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill has a significant attack surface as it is designed to ingest and process untrusted external data.
    ◦ Ingestion points: Workflows/CreateNarrative.md and Workflows/CreateSalesPackage.md accept product documentation, feature specifications, and external URLs.
    ◦ Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands within the ingested product data.
    ◦ Capability inventory: The skill possesses the capability to execute shell commands (bash, curl) and run scripts (bun).
    ◦ Sanitization: Absent. There is no logic to sanitize or validate the external content before it is processed or used to construct prompts for the Art Skill or StoryExplanation Skill.
  • [DATA_EXFILTRATION] (MEDIUM): The curl command sends notification data to a local port (8888). While targeting localhost, this pattern can be used to communicate with malicious local services or probe the local network environment without user consent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:46 AM