quarterly-review

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requests access to the Bash tool. According to the instructions, this is intended for file management and document export (PDF generation), but it also provides a high-privilege environment for arbitrary shell command execution.
  • [DATA_EXFILTRATION]: The skill extracts sensitive business data from internal sources (accounting, payments, and CRM systems) and exports it to external cloud storage services, specifically mentioning Yandex Disk and Cloud Mail.ru.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external CRM and accounting systems without explicit safety boundaries.
      ◦ Ingestion points: Data is pulled from ~~бухгалтерия, ~~платежи, and ~~crm (defined in SKILL.md).
      ◦ Boundary markers: The instructions do not define delimiters or "ignore embedded instructions" warnings to isolate external data from the agent's internal logic.
      ◦ Capability inventory: The agent has access to the Bash tool, file writing capabilities, and WebFetch.
      ◦ Sanitization: There is no mention of sanitization, filtering, or validation of the external content before it is interpolated into the narrative generation process.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 01:59 AM
Security Audit — agent-trust-hub — quarterly-review