eval-content
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local scripts (e.g., scripts/eval-runner.py, scripts/quality-tracker.py) via shell commands. It interpolates user-provided content into command-line arguments (e.g., --text "{content}"), which is a command injection risk if the input is not sanitized before execution: a double quote or other shell metacharacter inside the content can close the --text argument early, and whatever follows is parsed by the shell as further commands.
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters via the content to evaluate, evidence JSON files, and custom schemas.
  - Boundary markers: There are no defined boundary markers or instructions for the agent to ignore embedded instructions in the processed content.
  - Capability inventory: The skill can run subprocesses via the eval scripts and read from the local filesystem.
  - Sanitization: There is no evidence of sanitization or validation of the input content or JSON files.
- [DATA_EXFILTRATION]: The skill accesses files within the user's home directory (~/.claude-marketing/brands/), including brand profiles, active configurations, and guidelines. While this data is used for the evaluation process, it represents access to potentially sensitive local configuration files.
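The COMMAND_EXECUTION finding above is easiest to see side by side with its fix. The following is an added illustration written for this audit page, not the skill's own code: the script path is the one quoted in the finding but is assumed here, the `--text "{content}"` shell string is reconstructed from the finding, and the payload, helper names and the `python -c` stand-in for the eval script are all hypothetical. It shows that the interpolated string is parsed by a POSIX shell as three commands, while an argv list (or a `shlex.join`-quoted string, if a shell string is truly unavoidable) delivers the same content as a single argument.

```python
"""Added illustration of the COMMAND_EXECUTION finding (not the skill's own code).

Assumptions: the script path is taken from the audit text but not verified,
the shell string mirrors the audit's  --text "{content}"  pattern, and the
payload and helper names are invented for this example.
"""
import json
import shlex
import subprocess
import sys

EVAL_SCRIPT = "scripts/eval-runner.py"  # path named in the audit; assumed, not shipped here

# Constructed payload: the leading quote closes --text, then two extra commands follow.
SAMPLE_PAYLOAD = 'x"; echo INJECTED; echo "'


def unsafe_command(content: str) -> str:
    """Vulnerable pattern from the finding: untrusted content pasted into a shell string.

    A double quote inside `content` terminates the --text argument early and
    the remainder is parsed by the shell as further commands.
    """
    return f'python {EVAL_SCRIPT} --text "{content}"'


def safe_argv(content: str) -> list[str]:
    """Hardened form: an argv list for subprocess.run(..., shell=False).

    No shell ever tokenises `content`, so quotes, semicolons and backticks
    inside it are just characters in one argument.
    """
    return [sys.executable, EVAL_SCRIPT, "--text", content]


def safe_shell_string(content: str) -> str:
    """If a shell string cannot be avoided, quote every word.

    shlex.join wraps any word containing metacharacters in single quotes, so
    the shell sees `content` as exactly one word.
    """
    return shlex.join(safe_argv(content))


def shell_command_count(cmd: str) -> int:
    """Count how many separate commands a POSIX shell would run for `cmd`.

    With punctuation_chars=True shlex emits ';', '|' and '&' runs as their own
    tokens, which exposes an injected command boundary without executing it.
    """
    lexer = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    separators = {";", "&&", "||", "|", "&"}
    return 1 + sum(1 for token in lexer if token in separators)


def argv_as_received(content: str) -> list[str]:
    """Run a stand-in for the eval script and return the argv it actually received.

    `python -c` replaces scripts/eval-runner.py (hypothetical; this example does
    not ship that script). With an argv list the payload arrives intact.
    """
    stand_in = [
        sys.executable,
        "-c",
        "import json, sys; print(json.dumps(sys.argv[1:]))",
        "--text",
        content,
    ]
    result = subprocess.run(stand_in, capture_output=True, text=True, check=True)
    return json.loads(result.stdout)


if __name__ == "__main__":
    unsafe = unsafe_command(SAMPLE_PAYLOAD)
    print("unsafe string :", unsafe)
    print("  shell would run", shell_command_count(unsafe), "commands")
    hardened = safe_shell_string(SAMPLE_PAYLOAD)
    print("quoted string :", hardened)
    print("  shell would run", shell_command_count(hardened), "command")
    print("argv received :", argv_as_received(SAMPLE_PAYLOAD))
```

The counting helper is a static check, so it never executes the injected commands; `argv_as_received` does spawn a process, but only the Python interpreter with an argv list, which is the pattern the skill's scripts should use. Sanitizing the content (stripping quotes, escaping semicolons) is the weaker fix: it has to anticipate every metacharacter of every shell, whereas `shell=False` with an argv list removes the shell from the path entirely.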
Audit Metadata