The Agent Skills Directory

[PROMPT_INJECTION]: The skill's primary function is to audit external landing page content (URLs or text descriptions), which presents an indirect prompt injection surface where malicious instructions in the audited page could influence agent behavior. Ingestion points: The orchestrator and specialist agents in the 'agents/' directory ingest user-provided descriptions and external URL content. Boundary markers: The orchestrator instructions in SKILL.md mandate wrapping inputs and passing content instead of raw paths to sub-agents. Capability inventory: The skill can generate markdown reports and interact with multi-agent tools. Sanitization: No explicit content sanitization is mentioned, though the 'critic-agent.md' provides a validation layer against specific quality rubrics.
[COMMAND_EXECUTION]: The script 'scripts/lp-audit.sh' uses unvalidated shell arguments to determine the output file path ('cat > "$OUTPUT_FILE"'). If this script were executed autonomously by an agent or manually by a user with untrusted input, it could lead to arbitrary file overwrites via path traversal.

lp-optimization