The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to clone a repository from an unverified GitHub account (https://github.com/ericosiu/ai-marketing-skills.git). This source is not recognized as a trusted organization or a well-known service, posing a supply-chain risk.
[COMMAND_EXECUTION]: The installation and usage guides provide multiple shell commands for installing unknown dependencies via pip install -r requirements.txt and executing various Python scripts that perform automated marketing operations and API interactions.
[DATA_EXFILTRATION]: The project includes a telemetry module (telemetry/version_check.py) and an opt-in telemetry system. While described as a version check, these scripts perform network operations to remote servers that could expose details about the local execution environment and usage patterns.
[PROMPT_INJECTION]: The skill exhibits a significant attack surface for indirect prompt injection due to its reliance on external data processing.
Ingestion points: The skill ingests untrusted data from Gong call transcripts, website visitor intent data via RB2B, LinkedIn profiles, and external expert personas defined in JSON files.
Boundary markers: There are no explicit instructions or delimiters in the provided code snippets to prevent the AI from following malicious instructions embedded within these external data sources.
Capability inventory: The skill possesses extensive capabilities, including network API access to CRMs (Salesforce), marketing tools (Instantly, Apollo), and LLM providers, as well as file system read access.
Sanitization: Although a PII sanitizer is mentioned for privacy compliance, there is no evidence of input validation or escaping mechanisms designed to prevent instruction injection from the ingested data.

ai-marketing-skills-automation