analytics-insights
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script to manage campaign history and context. This poses a risk if the parameters passed to the script, specifically the brand slug, are interpolated into a shell command without being sanitized against shell injection.
- Evidence: The file 'SKILL.md' contains the instruction: 'Run python campaign-tracker.py --brand {slug} --action list-campaigns'.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection vulnerability surface by loading instructions and constraints from brand-specific files. These files are treated as authoritative guidelines ('load and enforce') for the agent's output.
- Ingestion points: The agent reads 'profile.json', 'restrictions.md', 'channel-styles.md', 'messaging.md', and 'voice-and-tone.md' from the path '~/.claude-marketing/brands/{slug}/'.
- Boundary markers: No boundary markers or clear separators are specified to distinguish between the skill's core safety instructions and the externally loaded brand guidelines.
- Capability inventory: The skill has the ability to execute system commands via 'campaign-tracker.py'.
- Sanitization: There is no evidence of content validation or sanitization for the instructions loaded from the brand guideline files.
Audit Metadata