marketing-orchestrator-skill

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'github-deploy' specialist sub-skill provides a series of shell commands for the user to execute, including system package installation (brew install git), global git configuration, and repository initialization. If an agent executes these commands directly, they represent a significant command execution surface.
  • [DATA_EXFILTRATION]: The skill facilitates the movement of local marketing files and client profiles to external GitHub repositories via git commands. This mechanism, while intended for backup and deployment, provides a path for data to leave the local environment.
  • [CREDENTIALS_UNSAFE]: The configuration section explicitly instructs the user to export sensitive API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY) as environment variables. While standard for many developer tools, it involves the manual handling of plaintext secrets.
  • [PROMPT_INJECTION]: The 'Revision Loop' feature enables the agent to read an external log file (revision-log.md) and use that data to 'update relevant sub-skill' instructions. This creates an indirect prompt injection vector where malicious or malformed data placed in the logs (potentially from session inputs) could modify the future behavior of the agent's specialist skills.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 18, 2026, 07:09 PM