The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes content from untrusted external URLs during SEO audits and competitor analysis. Ingestion points: URLs provided to commands like /aaron:audit, /aaron:compete, and /aaron:refresh in SKILL.md. Boundary markers: The instructions do not specify any delimiters or safety warnings to ignore instructions found within the fetched content. Capability inventory: The skill can write to the local file system (memory/ directory), execute shell scripts (scripts/recover-retired-warm.sh), and perform network operations via optional MCP connectors. Sanitization: There is no evidence of sanitization or filtering of the fetched external content.
[COMMAND_EXECUTION]: The skill provides instructions for users to execute shell commands such as 'rm -rf memory/wiki/' and 'bash scripts/recover-retired-warm.sh' for maintaining the internal memory and wiki systems.
[DATA_EXFILTRATION]: The skill performs network operations by fetching content from external domains (e.g., website audits, competitor sites) provided by the user. While this is necessary for its SEO functions, it constitutes a network interaction surface with non-whitelisted domains.

seo-geo-claude-skills