geo-monitor
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script
geo-tracker.pyusing subcommandsaudit-visibilityanddiff. This script is not included in the provided skill files, representing an unverified dependency execution. - [DATA_EXFILTRATION]: The skill accesses sensitive brand configuration and profile data located at
~/.claude-marketing/brands/. While these paths are application-specific, the ingestion of local file content into the agent's context poses a risk of exposure. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from external sources.
- Ingestion points: Full response text is retrieved from external AI engines including ChatGPT, Perplexity, Gemini, AI Overviews, and Copilot (Process Step 3).
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified when processing these external responses.
- Capability inventory: The agent has the capability to execute shell commands (
geo-tracker.py) and read/write files in the~/.claude-marketing/directory. - Sanitization: There is no evidence of sanitization or filtering of the external AI responses before they are analyzed for narrative alignment.
Audit Metadata