audience-intelligence
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in
SKILL.mdspecify executing a local Python script via the commandpython campaign-tracker.py --brand {slug} --action list-campaigns. The{slug}variable is interpolated directly into the shell command without evidence of validation or sanitization, which could lead to command injection if an attacker can manipulate the brand name or slug.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its workflow of ingesting and processing untrusted data from external sources.\n - Ingestion points: The skill reads brand profiles and guidelines from
~/.claude-marketing/and is designed to process external research data such as CRM exports, survey results, and interview transcripts.\n - Boundary markers: There are no markers or delimiters defined to help the agent distinguish between data and instructions within the ingested files.\n
- Capability inventory: The agent possesses capabilities to read/write files and execute shell commands (via Python).\n
- Sanitization: There is no mention of sanitization, escaping, or validation of the content within the data files or external research inputs.\n- [EXTERNAL_DOWNLOADS]: The skill references multiple external files and a script (
campaign-tracker.py) that are not included in the provided package. This creates a dependency on unverified external code and configurations, the security of which cannot be evaluated from the skill's own file set.
Audit Metadata