Skills
skills/indranilbanerjee/digital-marketing-pro/eval-content/Gen Agent Trust Hub

eval-content

Fail

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interpolates user-controlled input {content} directly into a shell command string: scripts/eval-runner.py --brand {slug} --action run-full --text "{content}". This pattern allows for command injection if the input contains shell-active characters like backticks, semicolons, or command substitutions.
  • [PROMPT_INJECTION]: The skill exhibits a significant indirect prompt injection surface.
  • Ingestion points: Untrusted data enters the context via the main {content} input, the {evidence_file} JSON, and the custom {schema_file} (SKILL.md).
  • Boundary markers: No delimiters or "ignore embedded instructions" warnings are present to separate user data from the agent's instructions.
  • Capability inventory: The system executes a suite of Python scripts including eval-runner.py and quality-tracker.py which perform file reads, writes, and analysis (SKILL.md).
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is passed to processing scripts or interpreted by the LLM.
  • [DATA_EXFILTRATION]: The skill accesses and reads sensitive brand profiles, guidelines, and agency SOPs located in the user's home directory path ~/.claude-marketing/ (SKILL.md).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 5, 2026, 10:13 AM