best-ai-marketing-platform-benchmark
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone several repositories from GitHub, specifically `onvoyage-ai/best-ai-marketing-platform-benchmark` and `onvoyage-ai/gtm-engineer-skills`. These are external sources whose contents are not pre-verified and do not belong to the trusted organization list.
- [REMOTE_CODE_EXECUTION]: By directing the agent to clone repositories and subsequently run `npm install` and `npm run audit`, the skill facilitates the execution of arbitrary remote code contained within those external repositories. This pattern bypasses standard safety review by pulling in dynamic content at runtime.
- [COMMAND_EXECUTION]: The documentation provides multiple shell commands intended for execution, including `git clone`, `npm install`, and `npm run`, which interact directly with the host system's shell and package manager.
- [DATA_EXFILTRATION]: The Python implementation of the `GEOPlatformClient` performs network POST requests to external domains such as `api.profound.com` and `api.goodie.ai`. This represents a potential data exfiltration vector if sensitive information or environment variables are passed to these services during interaction.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting external data (URLs and brand names) and passing them to potentially dangerous capabilities.
  - Ingestion points: External URLs passed as CLI arguments to `npm run audit` and brand names passed to API clients in Python snippets.
  - Boundary markers: Absent; there are no instructions to the model to ignore potential instructions embedded within the provided URLs or marketing data.
  - Capability inventory: File system access (via `git`), network access (`requests.post`), and subprocess execution (`npm run`).
  - Sanitization: Absent; the provided code does not show validation or escaping of the input data before it is used in shell commands or network requests.
Recommendations
- AI detected serious security threats
Audit Metadata