brand-setup
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/setup.py) to manage brand creation and switching. It passes user-provided data, such as brand names, directly into command-line arguments (--create-brand "[brand name]"), which could be exploited for command injection if the input is not properly escaped.
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection (Category 8) due to its interactive data collection.
- Ingestion points: The skill collects unstructured user data for brand identity, mission statements, elevator pitches, and voice samples/URLs in SKILL.md.
- Boundary markers: No delimiters or defensive instructions are specified to prevent the agent from executing commands embedded within the user-provided marketing context.
- Capability inventory: The skill is capable of reading and writing files in the ~/.claude-marketing/ directory and executing local subprocesses.
- Sanitization: The instructions do not describe any sanitization, validation, or escaping of user-provided strings before they are stored or used as script arguments.
Audit Metadata