import-guidelines

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface. It ingests untrusted content from user input or remote URLs and incorporates it into a persistent 'brand knowledge layer' used to guide future agent actions. Malicious guidelines could contain instructions designed to persistently influence or redirect the agent's behavior.
    • Ingestion points: Pasted guideline content, verbal descriptions, and remote source document URLs.
    • Boundary markers: The skill does not specify the use of delimiters or instructions to ignore embedded commands within the ingested content.
    • Capability inventory: The skill reads/writes to brand profile directories (~/.claude-marketing/brands/) and executes a local Python management script.
    • Sanitization: No sanitization or validation of the ingested guideline content is described beyond structuring it into markdown categories.
  • [COMMAND_EXECUTION]: The skill executes a local utility script (guidelines-manager.py) to manage the saving and merging of guideline files on the local file system.
  • [EXTERNAL_DOWNLOADS]: The skill can fetch brand guidelines from arbitrary URLs provided by the user, potentially accessing untrusted external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:18 AM