aeo-geo
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` require the execution of a local Python script: `python campaign-tracker.py --brand {slug} --action list-campaigns`. The contents of this script are not provided within the skill package, making its behavior unverified.
- [DATA_EXPOSURE]: The skill accesses local filesystem paths to retrieve brand information, including `~/.claude-marketing/brands/{slug}/profile.json` and various files within `~/.claude-marketing/brands/{slug}/guidelines/`. While these are domain-specific paths, they contain sensitive brand and compliance data.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion process.
  - Ingestion points: It reads brand profiles, restriction lists, and style guidelines (e.g., `restrictions.md`, `channel-styles.md`) from the local filesystem.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to ignore potential commands embedded within the brand data files.
  - Capability inventory: The agent can execute subprocesses via the `campaign-tracker.py` script.
  - Sanitization: There is no evidence of sanitization or validation performed on the brand guidelines before they are used to influence the agent's output behavior.
Audit Metadata