The Agent Skills Directory

[DATA_EXPOSURE]: The skill instructions specify reading from local context files such as .agents/product-marketing.md, .claude/product-marketing.md, and product-marketing-context.md. This is a standard practice for gathering context and does not involve accessing sensitive system files or credentials.
[PROMPT_INJECTION]: The skill ingests untrusted data from the aforementioned context files to generate marketing content. While it lacks explicit boundary markers or sanitization for this external content, its capabilities are limited to text generation for marketing purposes, posing a negligible risk of indirect prompt injection.

competitors