competitor_intelligence
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves ingesting and analyzing content from external, untrusted sources.
  - Ingestion points: The skill instructs the agent to gather data from competitor URLs and customer review platforms (G2/Capterra) to analyze themes and sentiment (found in SKILL.md).
  - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following malicious instructions that might be embedded in the competitor's website content or review data.
  - Capability inventory: The skill is primarily instructional and focused on data extraction and reporting. It does not appear to possess high-risk capabilities like arbitrary shell execution or writing to the local filesystem.
  - Sanitization: The instructions do not specify any validation or sanitization steps for the data retrieved from external URLs.
- [EXTERNAL_DOWNLOADS]: The skill's documentation contains a reference to an unverified third-party GitHub repository.
  - Evidence: The 'Workflow' section in SKILL.md points to 'https://github.com/padiel-g/ISP-Market-Arbitrage-Competitive-Intelligence' as a source for competitor monitoring. While this is an informational link, it directs the agent or user to code and resources from a non-trusted repository.
Audit Metadata