The Agent Skills Directory

[SAFE]: The skill operates entirely within the agent's text processing environment. It contains no instructions for external network calls, system commands, or privileged file operations.\n- [DATA_EXFILTRATION]: The skill references a local file ../../CLAUDE.md to load project context. This path is not among the sensitive directories typically targeted for credential theft and is consistent with standard development configurations for this type of agent skill.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user-provided budget data. However, the risk is assessed as safe because the skill is incapable of executing actions; its output is restricted to providing a formatted audit report. Ingestion point: User input fields in 'Step 1' (SKILL.md). Boundary markers: Absent. Capability inventory: No external capabilities (exec/network/write) detected. Sanitization: Absent.

budget-adjustment-review