The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses string interpolation to build SQL queries against internal databases (e.g., ILIKE '%<name>%' and WHERE organization_id = '<org_id>'). This pattern is susceptible to SQL injection if the customer name or ID inputs are not properly sanitized.
[DATA_EXFILTRATION]: The skill collects highly sensitive information, including trailing 12-month spend, MRR, product mix, private Slack messages, and Gmail threads. It then uses the Exa tool to perform external web searches. This creates a data flow where sensitive internal context could be leaked to an external service through the search queries.
[PROMPT_INJECTION]: The skill processes untrusted data from Slack, Gmail, and Granola meeting transcripts to identify 'confounding variables.' There are no boundary markers or instructions to treat this content as untrusted, making the agent vulnerable to indirect prompt injection attacks where a customer or external sender could influence the agent's logic or output.
Ingestion points: Slack channels/DMs, Gmail threads, and Granola transcripts (Workflow Step 3).
Boundary markers: None identified.
Capability inventory: SQL query execution, Slack/Gmail reading, Exa web search, and generating draft communications.
Sanitization: No sanitization or validation of the external content is specified before processing.

monthly-to-annual