cold-outbound-optimizer

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM · COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md preamble contains instructions to execute telemetry/version_check.py and telemetry/telemetry_init.py upon skill startup. These files are not provided in the skill distribution, making the code unverifiable and potentially malicious.
  • [COMMAND_EXECUTION]: The script scripts/cold-outbound-sender.py uses subprocess.run to execute an external CLI tool (gog) for sending emails. The base command is configurable via the --cli-command argument, which could be abused if the agent is manipulated into passing malicious parameters.
  • [EXTERNAL_DOWNLOADS]: The script scripts/competitive-monitor.py uses urllib.request to fetch content from arbitrary competitor URLs defined in configuration files or environment variables. This external data is then processed and integrated into the agent's context.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external websites (competitor pricing and blogs) to generate intelligence reports. This creates a surface where malicious instructions hidden in those websites could influence the agent's behavior.
      • Ingestion points: scripts/competitive-monitor.py (via urllib.request.urlopen).
      • Boundary markers: Absent. The script extracts text from HTML and passes it to the agent without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The agent has the ability to send emails (cold-outbound-sender.py), access the Instantly API (instantly-audit.py), and write reports to the local file system.
      • Sanitization: The validate_text function only performs length truncation and does not filter for prompt injection patterns, although cold-outbound-sender.py does include a regex-based validator for outgoing email content to block credential exposure.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 04:44 PM