entity-audit
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script
geo-tracker.pywith arguments containing data retrieved from external platforms (SKILL.md, Step 6). This execution path handles unsanitized web content, which could lead to command injection if the script is not properly hardened.\n- [DATA_EXFILTRATION]: The skill accesses potentially sensitive local brand data, including profiles and guidelines, from the~/.claude-marketing/directory (SKILL.md, Step 1). This information is then processed and passed to the tracking script.\n- [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection.\n - Ingestion points: External data is ingested from Wikidata, Wikipedia, Google Knowledge Panels, and industry directories (SKILL.md, Steps 2, 3, 4, 5).\n
- Boundary markers: The instructions lack delimiters or explicit warnings to the agent to ignore embedded instructions in the scraped data.\n
- Capability inventory: The skill can execute the
geo-tracker.pycommand-line utility and generate detailed action plans.\n - Sanitization: There is no description of sanitization or filtering logic for the data processed from external sources.
Audit Metadata