paid-advertising

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: In SKILL.md, the agent is instructed to run the command python campaign-tracker.py --brand {slug} --action list-campaigns. Since the script campaign-tracker.py is not included in the skill's file set, this instruction constitutes an unverifiable and potentially dangerous execution path if a malicious script of the same name exists on the user's system.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to automatically load and apply instructions from multiple local files, which presents a significant vulnerability to indirect prompt injection if those files are tampered with or contain adversarial content.
      • Ingestion points: Files located at ~/.claude-marketing/brands/{slug}/profile.json, skills/context-engine/compliance-rules.md, restrictions.md, and others referenced in the 'Brand Context' section of SKILL.md.
      • Boundary markers: None. The agent is instructed to 'load and enforce' or 'apply' the content from these files without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill allows for local file system access (reading brand profiles) and shell command execution (via campaign-tracker.py).
      • Sanitization: There is no mention of validation, escaping, or sanitization of the content fetched from the brand-specific files before it is incorporated into the agent's prompt context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 1, 2026, 01:18 AM