client-package-notion

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to read strategy documents, lead lists, and campaign assets from the local filesystem (clients/ directory) and transmit that data to external cloud services (Notion and Google Sheets). While these are well-known services, the process involves moving sensitive client data from a local environment to the cloud.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection because it processes untrusted content from markdown and CSV files without sanitization or boundary markers.
      • Ingestion points: Reads various file types (Markdown, CSV) from clients/<client_name>/ including strategies, campaign assets, and lead lists.
      • Boundary markers: Absent. The skill instructions direct the agent to "Read the full .md content" and integrate it directly into the output structure.
      • Capability inventory: Creating and updating content in Notion via API, creating Google Sheets via the Rube MCP server, and potentially triggering automated outreach through the setup-outreach-campaign skill.
      • Sanitization: No mechanisms are described to sanitize the ingested text for embedded instructions that could hijack the agent's logic or trigger unauthorized actions in connected skills.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 09:59 PM