eval-config
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script `scripts/eval-config-manager.py` with arguments derived directly from user input.
  - Evidence: In `SKILL.md`, step 4 of the Process section explicitly describes executing `scripts/eval-config-manager.py --brand {slug} --action set-weights --weights '{weights_json}'` and similar patterns for other actions.
  - Risk: Passing user-controlled variables like `{weights_json}` or `{overrides_json}` inside single quotes to a shell command is vulnerable to argument injection. An attacker could provide a string containing a single quote followed by shell metacharacters (e.g., `'; touch /tmp/pwned; '`) to achieve arbitrary command execution.
- [DATA_EXPOSURE]: The skill reads various configuration files from the user's home directory.
  - Evidence: `SKILL.md` mentions loading `~/.claude-marketing/brands/_active-brand.json`, `~/.claude-marketing/brands/{slug}/profile.json`, `~/.claude-marketing/brands/{slug}/guidelines/_manifest.json`, and `~/.claude-marketing/sops/`.
  - Risk: While these paths appear specific to the application, accessing structured data from the home directory constitutes a wide data exposure surface if the skill is manipulated into reading unintended files.
Audit Metadata