gtm-meta-skill

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted CSV data and interpolates it into LLM prompts using tools like call_ai and call_ai_claude_code as described in enriching-and-researching.md and writing-outreach.md.
      • Ingestion points: CSV files processed via the deepline enrich command.
      • Boundary markers: Prompt templates do not consistently use strict delimiters or instructions to ignore embedded commands in the data.
      • Capability inventory: The agent has access to bash execution, web search tools, and numerous GTM provider APIs.
      • Sanitization: There is no evidence of input validation or escaping for the data being interpolated into the prompts.
  • [COMMAND_EXECUTION]: Several components utilize dynamic execution of code or commands.
      • The claude-deepline-statusline.mjs script reads a command from a local configuration file (~/.claude/statusline-user-command.txt) and executes it via execSync.
      • The writing-outreach.md documentation recommends the run_javascript tool to execute logic stored in external files (e.g., @${OUTPUT_DIR}/template_email.js).
  • [SAFE]: The skill performs data fetching from well-known and trusted sources.
      • The recipes/portfolio-prospecting.md file includes instructions to use curl for downloading company lists from ycombinator.com, which is a recognized service.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 06:37 PM