intelligence-report
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses variables directly in shell command strings. Specifically, in process step 4, the command `intelligence-graph.py export-playbook --brand {slug} --scenario {scenario}` is executed, where the `{scenario}` variable is taken directly from the user's 'Playbook request' input without evidence of sanitization. This is a potential vector for command injection.
- [COMMAND_EXECUTION]: The variable `{slug}` is loaded from a local configuration file (`_active-brand.json`) and used as an argument across multiple CLI calls (steps 2, 3, and 4). If this local file is maliciously modified, it could lead to unauthorized command execution.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8).
  - Ingestion points: The skill reads external content from brand profiles, guidelines (`_manifest.json`), and agency SOPs located in the `~/.claude-marketing/` directory.
  - Boundary markers: There are no boundary markers or explicit instructions to the agent to ignore embedded commands within these external files.
  - Capability inventory: The skill has the capability to execute shell commands and read local files.
  - Sanitization: No sanitization or validation of the ingested brand data or the user-provided scenario is mentioned before these values are passed to shell commands.
Audit Metadata