learn
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script named 'intelligence-graph.py' to query and save learnings. User-provided input, including the insight text and context conditions, is passed to this script. This execution flow represents a risk of command injection if the underlying system does not properly escape these inputs before shell execution.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the ingestion of marketing insights and evidence.
  - Ingestion points: User-provided 'Insight or learning' and 'Supporting evidence' (SKILL.md).
  - Boundary markers: None; the process description lacks explicit delimiters or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: Execution of 'intelligence-graph.py' and filesystem access to the '~/.claude-marketing/' directory.
  - Sanitization: The skill describes 'metadata normalization' for taxonomic consistency, but does not specify any security-focused sanitization to prevent malicious instructions from being stored or interpreted by downstream agents.
Audit Metadata