audit-evidence-collection

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructions include a command to read ../../CLAUDE.md to fetch scenario-level configurations. This relative path traversal accesses a file two levels above the skill's root directory, potentially exposing project-wide configuration or metadata to the agent's context.
  • [PROMPT_INJECTION]: The skill acts on data retrieved from external and potentially untrusted sources (ERP and DOC systems).
  • Ingestion points: Retrieves configuration from ../../CLAUDE.md and evidentiary data from ERP and document repositories.
  • Boundary markers: There are no explicit instructions or delimiters provided to the agent to differentiate between the skill's logic and the content within the collected audit documents, making it susceptible to instructions embedded within those documents.
  • Capability inventory: The skill is limited to reading data and generating reports; it does not contain scripts for file system modification, network transmission, or shell command execution.
  • Sanitization: There is no evidence of sanitization or validation of the input data processed during the audit reconciliation and reporting steps.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 02:25 AM
Security Audit — agent-trust-hub — audit-evidence-collection