The Agent Skills Directory

[COMMAND_EXECUTION]: The skill invokes several local binaries located in the ~/.claude/skills/econstack/bin/ directory for update checks and project management. Specifically, it uses eval "$(.../econstack-slug)" to execute shell commands generated dynamically by a local script, which is a high-risk pattern allowing for arbitrary code execution if the utility is compromised.
[EXTERNAL_DOWNLOADS]: The skill references and encourages the use of external code and data from GitHub. It suggests cloning https://github.com/charlescoverdale/econstack-data.git for parameter support and performing a git pull for skill updates. These third-party sources are not part of the established trusted vendor list.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the public web and incorporates it into structured research reports.
Ingestion points: Market data gathered via WebSearch and WebFetch tools as described in Step 2 of the instructions.
Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within the fetched content.
Capability inventory: The skill utilizes the Bash and Write tools, providing a surface for command execution or file modification guided by injected instructions.
Sanitization: No sanitization, validation, or filtering processes are defined for the external content before it is processed into the final report.

market-research