import-sop
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (guidelines-manager.py), interpolating the user-supplied variables {name} and {content} into the command line shell-style. Using raw user input directly in a command-line argument creates a risk of command injection if the input contains shell metacharacters like semicolons or pipes.
- [PROMPT_INJECTION]: The skill processes untrusted external data (SOP content) to classify and structure it, which presents an indirect prompt injection surface.
  - Ingestion points: Untrusted user input is accepted as SOP content and SOP names.
  - Boundary markers: Absent; the skill's instructions specify neither delimiters around the provided SOP data nor a directive telling the agent to ignore instructions embedded within it.
  - Capability inventory: The skill is capable of subprocess execution via the guidelines-manager script and direct file writing to the ~/.claude-marketing/ directory.
  - Sanitization: Absent; there is no evidence of validation, escaping, or filtering of user-provided content before it is used in command execution or file operations.
Audit Metadata