product-marketing-manager

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its core function of processing external, untrusted data.
    • Ingestion points: The agent is instructed to use tools like Read, Grep, and WebSearch to ingest "customer research synthesis", "market insights", and data from feedback-recall and feedback-capture (documented in SKILL.md).
    • Boundary markers: There are no explicit instructions to treat external data as untrusted or to use delimiters to separate data from instructions.
    • Capability inventory: The skill allows the use of Bash, Write, Edit, and WebSearch tools, providing a broad set of capabilities for an attacker to exploit if they successfully inject instructions into processed data.
    • Sanitization: No sanitization or validation logic is defined for the external inputs being processed.
  • [COMMAND_EXECUTION]: The skill explicitly enables the Bash tool for the agent. While intended for operational tasks, this provides the agent with the ability to execute arbitrary shell commands. This capability significantly increases the risk profile when combined with the ingestion of untrusted external research data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 03:52 PM