keyword-research

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs subprocess calls using 'python campaign-tracker.py' and 'scripts/keyword-clusterer.py'. It passes user-supplied inputs such as 'seed keywords' and 'competitor domains' as command-line arguments, which poses a risk of shell command injection if the inputs are not properly escaped or validated.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) during the processing of external content.
      • Ingestion points: Processes user-provided keywords and URLs for 'Existing content inventory' and 'Competitor domains'.
      • Boundary markers: The skill lacks explicit delimiters or specific instructions for the agent to ignore malicious commands embedded within the ingested data.
      • Capability inventory: The agent has the capability to execute Python scripts and access brand-specific profile files.
      • Sanitization: No evidence of input sanitization, filtering, or validation is provided for the input parameters before they are used in prompts or script execution.
  • [DATA_EXFILTRATION]: The skill accesses sensitive marketing data and brand profiles located at '~/.claude-marketing/brands/'. Accessing files in the user's home directory expands the data footprint accessible to the agent and increases the impact if an exploit allows for the unauthorized reading of brand strategies or internal guidelines.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 08:31 AM