campaign-orchestrator

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script campaign-tracker.py with arguments derived from session context. While this is central to the skill's functionality, the script's content is not provided in the skill package for verification.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses brand data stored in the local directory ~/.claude-marketing/brands/, including profile information and marketing guidelines. This access allows the agent to read potentially sensitive business strategy and brand configuration data from the local filesystem.
  • [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing instructions from external brand data files.
      • Ingestion points: reads from profile.json, _manifest.json, and various guideline files such as restrictions.md and messaging.md.
      • Boundary markers: no delimiters or safety instructions are used to separate the ingested data from the agent's core logic.
      • Capability inventory: includes the ability to read from the filesystem and execute shell commands (python campaign-tracker.py).
      • Sanitization: there is no evidence of validation or sanitization of the content retrieved from these files before it is processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 01:02 PM