growth-engineering
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script using the command python campaign-tracker.py --brand {slug} --action list-campaigns. Since the script file is not provided in the skill payload, its functionality and security cannot be verified, posing a risk of arbitrary command execution if the script is malicious or improperly secured.
- [DATA_EXFILTRATION]: The skill accesses several files within the ~/.claude-marketing/ directory, which is a hidden folder in the user's home directory. These files, such as profile.json and various brand guidelines, are considered sensitive as they may contain proprietary business data or user-specific configurations.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external brand configuration data.
  - Ingestion points: Files located at ~/.claude-marketing/brands/{slug}/guidelines/ (e.g., restrictions.md, messaging.md).
  - Boundary markers: The skill lacks explicit delimiters or instructions to treat the content of these files as data rather than instructions.
  - Capability inventory: The skill has the capability to read local files and execute system commands via the Python interpreter.
  - Sanitization: There is no evidence of content sanitization or validation for the brand-specific markdown and JSON files before they are processed by the agent.
Audit Metadata