The Agent Skills Directory

[PROMPT_INJECTION]: No malicious instruction overrides, safety filter bypasses, or system prompt extraction attempts were identified.
[DATA_EXFILTRATION]: No network operations, hardcoded credentials, or access to sensitive local file paths (such as SSH or cloud provider configs) were detected. The scripts process data locally.
[COMMAND_EXECUTION]: The skill uses Python scripts to calculate marketing metrics. These scripts use standard libraries and do not employ dangerous functions like eval(), exec(), or subprocess for arbitrary command execution.
[EXTERNAL_DOWNLOADS]: The skill references the well-known scipy library for statistical analysis. No remote scripts or unverified third-party packages are downloaded or executed at runtime.
[INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted external data (CSV and JSON files).
Ingestion points: User-provided data files processed by scripts in the scripts/ directory.
Boundary markers: None identified in the instructional content.
Capability inventory: Basic file reading and console output; no dangerous sinks detected.
Sanitization: Standard data parsing (JSON and Python types).
Risk: The potential for indirect prompt injection is minimal because the skill lacks the system capabilities (network access, command execution) required to weaponize malicious input data.

growth-marketer