ads-dna
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
~/.claude/skills/ads/scripts/capture_screenshot.pyusing a user-supplied URL as a command-line argument. Passing unsanitized user input directly to a shell command is a known risk for command injection. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external websites without using boundary markers or sanitization logic.
- Ingestion points: External URLs provided by the user during the brand analysis process (SKILL.md Step 2).
- Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent to ignore instructions embedded in the fetched content.
- Capability inventory: The skill can execute local Python scripts (
python) and write files to the local file system (brand-profile.jsonand images). - Sanitization: Absent. There is no evidence of validation or filtering for the content retrieved from the external URLs.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary external URLs and suggests the installation of Playwright components from official sources.
Audit Metadata