local-seo
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers the execution of a local Python script campaign-tracker.py using dynamic arguments. Specifically, it executes python campaign-tracker.py --brand {slug} --action list-campaigns. This creates a command injection vulnerability if the {slug} variable, which is often derived from user-provided brand names, is not strictly validated.
- [DATA_EXFILTRATION]: The skill accesses sensitive brand configuration and profile files located in the ~/.claude-marketing/ hidden directory. It uses dynamic path construction (e.g., ~/.claude-marketing/brands/{slug}/profile.json), which could potentially be exploited for directory traversal if the {slug} variable is manipulated to point to files like ~/.ssh/id_rsa.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of external, attacker-controllable data.
  - Ingestion points: The skill ingests business names, addresses, and customer reviews during the Local SEO Audit workflow defined in SKILL.md.
  - Boundary markers: The skill does not employ delimiters or system instructions to ignore embedded commands in the processed data.
  - Capability inventory: The skill has the capability to read local files and execute shell commands.
  - Sanitization: There is no evidence of sanitization or escaping of input data before it is processed or used in script parameters.
- [REMOTE_CODE_EXECUTION]: The script campaign-tracker.py referenced in SKILL.md is an unverifiable local dependency. Its internal logic and security posture cannot be determined from the provided files, posing a risk if it handles inputs insecurely.
Audit Metadata