send-sms
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several local Python scripts, including brand-voice-scorer.py, approval-manager.py, and execution-tracker.py, to perform scoring, approval management, and logging tasks.
- [DATA_EXFILTRATION]: The skill accesses local files within the user's home directory (~/.claude-marketing/) to retrieve brand profiles, guidelines, and standard operating procedures (SOPs). While intended for personalization and compliance, this involves reading potentially sensitive marketing data and transmitting derived content to external recipients via messaging platforms.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: Untrusted data enters via message content, personalization fields, and recipient CSV files.
  2. Boundary markers: Absent; the instructions do not specify delimiters or 'ignore' instructions for user-provided tokens.
  3. Capability inventory: The skill can read local files, execute Python scripts, and send messages via external APIs (Twilio/Brevo).
  4. Sanitization: Absent; while length and opt-out keywords are checked, there is no validation to prevent malicious instructions in personalization fields from influencing agent behavior.
Audit Metadata