skills/insight68/skills/canvas-design/Gen Agent Trust Hub

canvas-design

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The Python scripts create_cards.py and investment_farming_cards.py contain hardcoded absolute file paths (e.g., /Users/chunjun/.claude/skills/...). This results in the exposure of the developer's local username and directory structure.
  • [PROMPT_INJECTION]: The SKILL.md file uses steering techniques to influence the agent's behavior, such as simulating past user interactions ("The user ALREADY said...") and mandating the repetition of specific high-craftsmanship terminology to enforce a specific persona.
  • [EXTERNAL_DOWNLOADS]: Instructions in SKILL.md explicitly direct the agent to "Download and use whatever fonts are needed," which encourages the acquisition of third-party assets from unverified remote sources at runtime.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes user instructions without boundary markers or sanitization.
      • Ingestion points: User-provided inputs enter the context during the "Design Philosophy Creation" step in SKILL.md.
      • Boundary markers: Absent; the skill lacks delimiters or specific instructions to isolate user data from system commands.
      • Capability inventory: File-write operations for .md, .png, and .pdf files, and script execution (create_cards.py, investment_farming_cards.py).
      • Sanitization: Absent; the agent is instructed to use the user's "subtle reference" as the core conceptual DNA of the work without filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 01:45 PM