digital-pr

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run 'python campaign-tracker.py --brand {slug} --action list-campaigns'. This script is not provided within the skill package, making its logic and safety unverifiable. (File: SKILL.md)
  • [DATA_EXFILTRATION]: The skill directs the agent to read sensitive brand profile and guideline data from the user's home directory, specifically within the '~/.claude-marketing/brands/' directory. (File: SKILL.md)
  • [PROMPT_INJECTION]: The skill ingests data from external brand profiles and guidelines to influence its output without implementing safety boundaries, creating an indirect prompt injection surface. (File: SKILL.md)
      1. Ingestion points: Brand profiles at '~/.claude-marketing/brands/{slug}/profile.json' and guidelines such as 'restrictions.md' and 'messaging.md'.
      2. Boundary markers: None; the skill does not use delimiters or instructions to ignore embedded commands in the ingested data.
      3. Capability inventory: Shell command execution via the 'campaign-tracker.py' subprocess call.
      4. Sanitization: None; the skill does not validate or sanitize external content before interpolation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 01:18 AM