kpi-alert-handling

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Flagged category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user data (KPI names, values, and business context) and interpolates it into structured reports. This creates a potential surface for indirect prompt injection where instructions embedded in the data could influence agent output.
  • Ingestion points: User-provided KPI metadata and metrics; scenario-level configuration from ../../CLAUDE.md.
  • Boundary markers: No explicit delimiters or protective instructions are used to isolate untrusted data within the templates.
  • Capability inventory: The skill is limited to text generation, report structuring, and data analysis; it does not perform network operations or execute shell commands.
  • Sanitization: No validation or sanitization of external data strings is specified.
  • [COMMAND_EXECUTION]: The skill instructions specify reading a configuration file from a relative parent directory (../../CLAUDE.md). While this is a common pattern for loading project context in certain development environments, it involves navigating the file system outside the immediate skill directory.
  • [SAFE]: The metadata contains a future last_reviewed date (2026-06), which appears to be a placeholder or versioning error rather than a deceptive attempt to bypass safety checks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 02:26 AM
Security Audit — agent-trust-hub — kpi-alert-handling