startup-business-analyst-financial-projections

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it uses WebSearch and WebFetch to gather external benchmarks while handling highly sensitive user data.
    • Ingestion points: WebSearch results, WebFetch content, and the local resources/implementation-playbook.md file.
    • Boundary markers: Absent. The instructions do not provide delimiters or specific guidelines for the agent to ignore instructions embedded in retrieved web content.
    • Capability inventory: The skill allows Bash, WebFetch, WebSearch, and Write tools. If an injection occurred via a malicious web page, these tools could be used to exfiltrate collected financial data.
    • Sanitization: No sanitization or validation of external content is specified in the instructions.
  • DATA_EXFILTRATION (SAFE): The skill's primary purpose is to collect and analyze sensitive business data (MRR, Cash Balance, Burn Rate). While this creates a high-value target, no patterns of unauthorized exfiltration or hardcoded malicious destinations were detected. The data collection is consistent with the skill's stated purpose.
  • COMMAND_EXECUTION (SAFE): Although the Bash tool is permitted in the metadata, the skill instructions do not contain any hardcoded shell commands, scripts, or patterns of dynamic command generation. The risk is minimized as the tool appears to be for general agent environment interaction rather than specific automated execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:04 PM