The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute a local script named intelligence-graph.py with arguments such as {slug} and {scenario} which are derived from local configuration files and user input. This is a functional requirement for the skill's reporting capabilities but presents a potential injection surface.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to the way it interpolates untrusted data from marketing profile files and user requests into command-line operations.\n
Ingestion points: Data is loaded from brand profile and guideline files located in ~/.claude-marketing/ and received via user input for focus areas and playbook scenarios.\n
Boundary markers: No explicit delimiters or security instructions to ignore embedded commands are present in the provided skill text.\n
Capability inventory: The skill utilizes subprocess execution to run the intelligence-graph.py script for data aggregation and playbook generation.\n
Sanitization: There is no evidence of input validation, escaping, or sanitization for the variables interpolated into the command arguments.

intelligence-report