The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources to generate its documentation reports.
Ingestion points: The skill reads configuration from ../../CLAUDE.md (related party lists, TP methodology) and processes user-supplied arguments (report year, deadlines).
Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the ingested data.
Capability inventory: No dangerous capabilities (subprocess, eval, network) were detected in this skill.
Sanitization: Absent; the external content is interpolated directly into the documentation workflow.
[DATA_EXFILTRATION]: The skill instructions require reading a file (../../CLAUDE.md) located outside the skill's own directory structure. While common in some agent environments for loading context, accessing files via directory traversal paths is a data exposure risk pattern.

transfer-pricing-documentation-master