The Agent Skills Directory

[NO_CODE]: The skill consists entirely of markdown templates and natural language instructions. No Python scripts, Node.js code, or shell commands are included in the skill package.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it is designed to ingest and process untrusted data.
Ingestion points: The skill reads project-level configuration from ../../CLAUDE.md and processes user-supplied KPI metrics and business descriptions.
Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its instructions and the data being analyzed, which could allow malicious data to influence agent behavior.
Capability inventory: No dangerous capabilities such as file writing, network operations, or subprocess execution were found in the skill.
Sanitization: The skill does not perform any validation or sanitization of the input data before processing it.

kpi-root-cause-analysis