sales-data-hygiene

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use WebFetch to download SKILL.md files from the vendor's official GitHub repository (github.com/sales-skills/sales). This is a legitimate functional requirement to gather context for related skills (e.g., /sales-mailshake, /sales-klaviyo) before recommending them to the user. Since these downloads target the author's own verified infrastructure for documentation purposes, the activity is considered safe.
  • [COMMAND_EXECUTION]: The documentation mentions the command npx skills add sales-skills/sales --skill sales-do. This is the standard installation procedure for the vendor's router skill and does not represent an unauthorized or malicious command execution.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting external content through WebFetch to inform its logic.
      • Ingestion points: External SKILL.md files retrieved from raw.githubusercontent.com/sales-skills/sales/ (as described in SKILL.md).
      • Boundary markers: Absent; the skill does not specify the use of delimiters or 'ignore' instructions for the fetched content.
      • Capability inventory: The skill uses WebFetch and Read to gather context and recommends specific CLI installation commands and platform configurations.
      • Sanitization: Absent; the content is fetched and read directly to inform the agent's recommendation strategy.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:37 AM