client-intake

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted client input to generate a structured project brief and consultant assessment, creating a surface for indirect prompt injection where malicious instructions in the input could influence agent behavior.
  • Ingestion points: Free-form prose answers to 10 standard intake questions and 5-7 follow-up questions in SKILL.md.
  • Boundary markers: Absent. The instructions do not use delimiters or explicit 'ignore embedded instructions' warnings when interpolating client responses into the brief.
  • Capability inventory: While this skill does not perform direct file-system writes or network operations, it acts as an entry point that invokes and directs the execution of multiple downstream skills (e.g., financial projections, funding requests).
  • Sanitization: Absent. There is no evidence of validation, escaping, or filtering of the client-provided content.
  • [COMMAND_EXECUTION]: The skill dynamically determines which context file to load based on a user-provided variable, presenting a risk of path traversal or unauthorized instruction loading.
  • Evidence: The instruction "load the relevant country-context/{country}/SKILL.md before generating the brief" in SKILL.md uses unvalidated input to construct a file path.
  • Risk: An attacker could provide a value for '{country}' (e.g., '../../../path/to/sensitive/file') to attempt to load unauthorized configurations or bypass directory restrictions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 01:40 AM