add-integration

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses highly sensitive file paths at ~/.claude-marketing/credentials/ (agency credential profiles) and ~/.claude-marketing/brands/{slug}/profile.json (brand data). This access involves reading potentially sensitive API keys and tokens.
  • [REMOTE_CODE_EXECUTION]: The process for adding integrations involves searching for and executing third-party packages from the npm registry using npx during the connectivity testing phase. Executing unvetted code found via automated searches poses a high risk of remote code execution if a malicious or typosquatted package is selected.
  • [COMMAND_EXECUTION]: The skill generates and executes shell commands to verify MCP connectivity and list tools. This includes starting a server and running operations, which creates a vector for command injection or execution of malicious logic embedded in a third-party package.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted metadata from external npm search results and using it to generate executable configurations.
  • Ingestion points: Search results from the npm registry (package names, descriptions) are processed at runtime to guide configuration.
  • Boundary markers: None identified; the agent mixes search-result data directly with its operational logic, so there is no delimiter separating untrusted input from instructions.
  • Capability inventory: The skill can read/write to sensitive credential paths, modify .mcp.json, and execute arbitrary commands via npx.
  • Sanitization: The skill suggests evaluating packages by social proof (stars, downloads) but performs no technical sanitization or integrity verification (such as pinning versions or checking checksums) of the remote code before execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 01:18 AM