The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's instructions in 'SKILL.md' define shell command templates that interpolate user-provided inputs directly into subprocess calls. Specifically, in Step 3, the '{content_or_path}' and '{type}' variables are placed inside double quotes in a 'python' command. In Step 4, the '{type}' and '{scores_json}' variables are similarly interpolated. This pattern is highly susceptible to shell command injection if a user provides input containing characters like semicolons, backticks, or subshell syntax.
[PROMPT_INJECTION]: The skill demonstrates a significant attack surface for indirect prompt injection as it is designed to ingest and process arbitrary text from external files and user-provided blocks.
Ingestion points: Content is loaded from user-specified file paths, all text-based files in provided directories, and inline content blocks as described in the 'Input Required' section and Step 2 of the process.
Boundary markers: The instructions do not specify the use of delimiters or safety markers to differentiate between the external content being evaluated and the agent's core instructions.
Capability inventory: The skill is capable of executing local Python scripts ('eval-runner.py', 'quality-tracker.py') and reading brand profiles and configuration files from the '~/.claude-marketing/' directory.
Sanitization: No sanitization, escaping, or validation logic is mentioned for the untrusted external content before it is passed to the evaluation scripts or the 'quality-assurance' agent.

eval-suite