Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file instructs the agent to execute 'python campaign-tracker.py --brand {slug} --action list-campaigns'. This script is not included in the provided package, so the agent relies on unverified external code.
- [DATA_EXFILTRATION]: The instructions direct the agent to read sensitive brand profiles and compliance rules from the user's home directory at '~/.claude-marketing/brands/'. Accessing files in the home directory is a high-risk data exposure pattern.
- [REMOTE_CODE_EXECUTION]: The '{slug}' variable is interpolated into the Python command line; if the platform does not sanitize the brand identifier before it is passed to the shell, this is a command injection risk.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface: it ingests untrusted data from multiple local files (e.g., profile.json, messaging.md) and possesses command execution capabilities. Evidence Chain: (1) Ingestion points: '~/.claude-marketing/brands/{slug}/profile.json' and related files. (2) Boundary markers: absent. (3) Capability inventory: 'python' command execution in SKILL.md. (4) Sanitization: none documented.
Audit Metadata