The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes local Python scripts, including scripts/campaign-tracker.py, scripts/execution-tracker.py, and scripts/approval-manager.py. These scripts are used to list campaigns, retrieve execution history, and manage pending approvals. While these are part of the skill's core functionality, executing local scripts with parameters derived from configuration files (~/.claude-marketing/) represents a significant capability.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes and summarizes content from various external marketing platforms and internal logs. 1. Ingestion points: Data is ingested from external MCPs (google-ads, meta-marketing, linkedin-marketing, tiktok-ads, mailchimp) and local files such as brand profiles and execution logs. 2. Boundary markers: The instructions do not define specific delimiters or security guardrails to distinguish between the agent's instructions and the untrusted data retrieved from external platforms. 3. Capability inventory: The skill has the ability to execute local subprocesses and interact with network-connected marketing APIs. 4. Sanitization: There is no mention of sanitizing or validating campaign names, engagement metrics, or error messages from execution logs before they are incorporated into the dashboard output.

campaign-status