review-salience-xlsx

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in references/xlsx-format.md direct the agent to execute a local script python scripts/recalc.py /home/claude/salience_matrix.xlsx 60. This script is not provided within the skill files, creating a risk where an attacker could provide a malicious script at that path to gain arbitrary code execution on the agent's environment.
  • [DATA_EXFILTRATION]: The skill implements logic to send user-provided review data to external network endpoints. Specifically, references/external-scorer.md provides code patterns using requests.post to send batches of review text to arbitrary URLs (e.g., N8N_WEBHOOK_URL). This facilitates the exfiltration of potentially sensitive customer feedback to non-whitelisted domains.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from product reviews via load_reviews in SKILL.md and processes it using an LLM-based semantic scorer.
      ◦ Ingestion points: CSV files containing review text (SKILL.md).
      ◦ Boundary markers: None identified; the instructions do not specify delimiters or warnings to ignore instructions embedded within the reviews.
      ◦ Capability inventory: The skill has the ability to perform network requests (requests.post) and execute shell commands (python scripts/recalc.py).
      ◦ Sanitization: None; review text is passed directly to the scoring logic without filtering or escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 26, 2026, 03:46 AM