import-guidelines
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script `guidelines-manager.py` using interpolated variables `{slug}` and `{category}`. If these values are derived from untrusted user input without strict validation, an attacker could potentially perform command injection or access files outside the intended directory via path traversal (e.g., using `../` in a brand name).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted user data to create 'guidelines' that are automatically applied to other AI modules.
  - Ingestion points: User-provided 'Pasted guideline content' and 'Verbal description', as defined in the Input Required section of SKILL.md.
  - Boundary markers: No explicit boundary markers or 'ignore' instructions are mentioned for the saved markdown content.
  - Capability inventory: The skill has the capability to write files to the local filesystem (`~/.claude-marketing/`) and execute a Python script (`guidelines-manager.py`).
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the input content to ensure it does not contain malicious instructions intended to hijack the agent's logic when the guidelines are loaded later.
Audit Metadata