check
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's documentation instructs the agent to construct and execute shell commands via the
Bashtool that include placeholders for user-supplied data, such as file paths, brand slugs, and marketing content. This pattern creates a significant risk for command injection if the inputs are not properly sanitized or escaped before the shell command is executed. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and process untrusted external data.
- Ingestion points: Marketing content files, inline text snippets, and JSON evidence files referenced in
SKILL.md. - Boundary markers: None; there are no instructions to use delimiters or ignore potentially malicious instructions embedded within the marketing copy being analyzed.
- Capability inventory: The skill possesses the ability to execute shell commands via the
Bashtool to run its evaluation suite. - Sanitization: The instructions do not specify any sanitization, validation, or escaping of the ingested content before it is passed to the execution scripts.
Audit Metadata