The Agent Skills Directory

[SAFE]: The skill's primary function is to perform sales data analysis. It uses standard platform tool connectors (e.g., ~~accounting and ~~payments) or manual CSV file uploads to retrieve data, with no evidence of unauthorized network or file system access.- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests data from external sources. Evidence Chain: 1. Ingestion points: SKILL.md (Step 3: CSV/Excel uploads, accounting and payment APIs). 2. Boundary markers: Absent. 3. Capability inventory: The skill produces a text-based brief and structured JSON for subsequent tools; it lacks high-risk capabilities like shell execution or file-system writing. 4. Sanitization: No explicit validation or sanitization is mentioned. Mitigation: The skill mandates user review and confirmation (Step 6) of the generated brief before it is processed further, significantly lowering the risk.

content-strategy