cro

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The file SKILL.md contains a functional instruction to execute a local Python script campaign-tracker.py using the python interpreter to manage campaign data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from user-provided URLs during landing page audits.
    1. Ingestion points: The skill ingests external content via the 'Page URL or description' field defined in the Required Context section of SKILL.md.
    2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the audit workflow.
    3. Capability inventory: Across SKILL.md, the agent is granted the capability to read local files (~/.claude-marketing/brands/) and execute shell commands (python campaign-tracker.py).
    4. Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external URLs before it is processed by the agent.
  • [DATA_EXFILTRATION]: The skill instructions in SKILL.md involve reading brand-specific metadata and profiles from a local directory in the user's home folder (~/.claude-marketing/). While no external network transmission of this data was observed, the skill explicitly accesses files outside of its immediate skill folder.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:02 PM