translate-content

Audit result: Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands by directly interpolating user-provided variables such as {content_or_path}, {source_content}, and {translated_content} into Python execution strings (e.g., in Steps 2, 6, and 9). This allows an attacker to execute arbitrary code on the host system by including shell metacharacters in the input text.
  • [DATA_EXFILTRATION]: The skill accesses sensitive file paths within the user's home directory (~/.claude-marketing/), including brand profiles, active brand configurations, and agency SOPs. These files likely contain proprietary business information and internal guidelines.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection.
    1. Ingestion points: User-provided marketing content enters the agent context in SKILL.md Step 2.
    2. Boundary markers: Absent; the content is interpolated into commands and prompts without delimiters or instructions to ignore embedded commands.
    3. Capability inventory: The skill has subprocess execution capabilities (python scripts), file system access, and network access via multiple MCP servers (DeepL, Google Cloud, etc.).
    4. Sanitization: No validation, escaping, or filtering of external content is performed before it is processed by the agent or passed to scripts.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 1, 2026, 01:19 AM