The Agent Skills Directory

[SAFE]: No evidence of prompt injection, data exfiltration, or unauthorized command execution was found. The skill primarily serves as a template-based guide for business process auditing.
[DATA_EXPOSURE]: The skill attempts to read ../../CLAUDE.md to load project-level configuration (e.g., SOX framework, evidence standards). This is a standard pattern for context-sharing in project-specific agent environments and does not target sensitive system credentials or private user files.
[INDIRECT_PROMPT_INJECTION]: While the skill ingests business process data to generate reports, it lacks the capabilities (such as code execution or network requests) that would make such injection actionable. The output is limited to formatted text within the agent's response context.

sox-control-design