digital-pr
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes
python campaign-tracker.pywith brand-specific arguments. Because the script is not included in the skill's source files, its behavior is unverifiable and poses a significant security risk. - [DATA_EXFILTRATION]: The skill reads sensitive data from the local file system at
~/.claude-marketing/brands/, including brand profiles, compliance rules, and strategic guidelines. This exposes private configuration data to the model's context. - [REMOTE_CODE_EXECUTION]: The skill depends on an external script (
campaign-tracker.py) that is executed at runtime but not provided in the skill package, allowing the agent to perform operations outside the audited scope. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting untrusted data from local brand files. Evidence: (1) Ingestion points:
profile.json,restrictions.md,messaging.md; (2) Boundary markers: Absent; (3) Capability inventory: Subprocess calls viapython; (4) Sanitization: None identified.
Recommendations
- AI detected serious security threats
Audit Metadata