analytics-expert
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to add an external plugin from an untrusted GitHub repository: coreyhaines31/marketingskills. This source is not a recognized trusted vendor or well-known service.
- [CREDENTIALS_UNSAFE]: The 'Project Context Discovery' section explicitly directs the agent to 'Review environment variables for analytics services' and 'Check for analytics service integrations in codebase.' This practice encourages the agent to access and potentially leak sensitive API keys or authentication tokens into its context or outputted reports.
- [DATA_EXFILTRATION]: The skill is designed to aggregate high-value business data, including revenue, cost structures, and ROI metrics. While no explicit exfiltration command is present, the instructions to gather this data alongside the search for credentials increase the risk of unauthorized data transit.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external analytics platforms and project documentation that may contain adversarial instructions.
- Ingestion points: Analytics platform data, project documentation files (.agents/SYSTEM/ARCHITECTURE.md, .agents/SYSTEM/SUMMARY.md), and environment variables.
- Boundary markers: Absent. The skill provides no instructions to treat external data as untrusted or to use delimiters to prevent instruction override.
- Capability inventory: The agent is authorized to read project files, access environment variables, and interact with discovered API endpoints.
- Sanitization: None. There is no evidence of validation or filtering of the content retrieved from external analytics services.
Audit Metadata