aeo-geo

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute a local Python script using the command: python campaign-tracker.py --brand {slug} --action list-campaigns. The interpolation of the {slug} variable from the brand context into a shell command string represents a potential command injection vector if the brand name or slug is derived from untrusted user input.
  • [DATA_EXFILTRATION]: The skill is configured to automatically read sensitive configuration and profile data from the user's home directory at ~/.claude-marketing/brands/{slug}/profile.json and ~/.claude-marketing/brands/{slug}/guidelines/_manifest.json. Accessing files within the home directory is a sensitive operation that could be leveraged to expose private marketing data or configuration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting content from multiple external files (e.g., profile.json, restrictions.md, messaging.md) and incorporating them into the active prompt context.
      • Ingestion points: ~/.claude-marketing/ brand directory
      • Boundary markers: None specified
      • Capability inventory: Subprocess execution (campaign-tracker.py) and file system access
      • Sanitization: None mentioned for external markdown and JSON content
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 01:18 AM