counter-narrative

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the 'Evidence' input field, which accepts URLs and content from external competitor sources.
      • Ingestion points: Competitor URLs, press releases, and social media artifacts provided in the 'Evidence' field.
      • Boundary markers: Absent. No specific instructions are provided to the agent to treat this external content as untrusted or to ignore embedded instructions.
      • Capability inventory: The skill reads sensitive local brand data from '~/.claude-marketing/' and executes a local script 'narrative-mapper.py'.
      • Sanitization: No evidence of sanitization or filtering of the external content before it is processed for analysis.
  • [COMMAND_EXECUTION]: The skill executes a local script 'narrative-mapper.py' with the 'generate-counter' argument to determine the strategy. While this is a vendor-provided tool, execution of local scripts involves a degree of trust in the author.
  • [DATA_EXFILTRATION]: The skill accesses sensitive brand information stored in the user's home directory ('~/.claude-marketing/brands/'). This includes brand profiles, differentiators, and messaging guidelines. While no direct network exfiltration is identified, this data is loaded into the agent's context alongside potentially malicious external data from the 'Evidence' URLs.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 01:02 PM