The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a local script audience-simulator.py using dynamic arguments such as {id} and {slug}.
Evidence found in SKILL.md: audience-simulator.py load-panel --panel-id {id}, audience-simulator.py create-panel, and audience-simulator.py test-pricing.
Risk: If the {id} or other parameters are derived from unsanitized user input, it could lead to command injection or unauthorized execution patterns.
[DATA_EXFILTRATION]: The skill performs broad file system access within the user's home directory to retrieve brand profiles and CRM-grounded audience data.
Evidence found in SKILL.md: Reads from ~/.claude-marketing/brands/, ~/.claude-marketing/sops/, and utilizes CRM purchase history for grounding.
Risk: Unauthorized access or accidental exposure of sensitive business data (CRM records, brand strategy) to the agent context.
[PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection by ingesting external data from CRM systems and brand profile files.
Ingestion points: CRM purchase history, profile.json, and _manifest.json files.
Boundary markers: None identified in the provided instructions to delimit or ignore embedded instructions in the ingested data.
Capability inventory: Execution of audience-simulator.py and reading of multiple configuration files.
Sanitization: No explicit sanitization or validation of the external content is mentioned before it is processed by the agent.

pricing-test