anomaly-scan
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local Python scripts (performance-monitor.py, execution-tracker.py, campaign-tracker.py) using shell commands with interpolated variables like {slug} and {level}. This pattern creates a potential command injection surface if the brand slug or user-provided sensitivity levels are not properly sanitized.
- [DATA_EXFILTRATION]: The skill accesses highly sensitive data, including revenue and transaction information from Stripe and Shopify, as well as brand profiles and standard operating procedures (SOPs) stored in the user's home directory (~/.claude-marketing/). While the data remains local or within the agent's context, the broad access to financial and identity data constitutes a significant exposure risk.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection by processing data from external marketing and analytics platforms (MCPs).
  - Ingestion points: Data from Google Analytics, Stripe, Shopify, and local brand configuration files (profile.json, _manifest.json) enter the agent context in SKILL.md process steps 1 and 2.
  - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are present to delimit the external data processing.
  - Capability inventory: The agent has the ability to execute shell scripts (via performance-monitor.py, etc.) and write persistent 'insights' (via campaign-tracker.py) as described in process steps 3-9.
  - Sanitization: No evidence of sanitization, escaping, or validation of the content retrieved from external platforms is present before it is used to determine probable causes or save insights.
Audit Metadata