The Agent Skills Directory

[SAFE]: The skill performs customer value analysis using the RFM (Recency, Frequency, Monetary) model. It utilizes trusted open-source libraries (pandas, scikit-learn, matplotlib) to process local CSV data. All operations, including K-means clustering and visualization generation, occur within the local environment without unauthorized network access or sensitive file exposure.
[PROMPT_INJECTION]: The skill ingests untrusted external data from CSV files and interpolates that data into generated reports and VIP lists. While this is the intended purpose of the tool, it constitutes an indirect prompt injection surface if the input data contains malicious strings meant to influence the agent's behavior during subsequent processing of the results.
Ingestion points: core_analysis.py (load_and_clean_data) and simple_rfm.py (load_data).
Boundary markers: None found in the markdown report generation logic.
Capability inventory: The skill has Write and Bash permissions to create reports and execute analysis scripts locally.
Sanitization: Data cleaning is limited to numerical validation (quantity and price) and does not include sanitization of text fields against markdown or prompt injection.

rfm-customer-segmentation