marketing-automation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the agent to execute a Python script (campaign-tracker.py) with arguments derived from context variables. This script is not provided with the skill, making its operations unverifiable. Additionally, the use of a {slug} variable in the command string without explicit sanitization steps poses a risk of command injection.
- [DATA_EXFILTRATION]: The skill accesses files within a hidden application directory (~/.claude-marketing/) using a path constructed with the {slug} variable. The lack of path validation or sanitization for this variable could allow for directory traversal attacks, potentially exposing sensitive files if the agent is manipulated into reading from unauthorized paths.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external configuration and guideline files without security boundaries.
  - Ingestion points: Reads data from ~/.claude-marketing/brands/{slug}/profile.json, _manifest.json, and associated markdown files such as restrictions.md and messaging.md.
  - Boundary markers: None. There are no instructions to the agent to treat this external content as untrusted or to ignore any instructions embedded within it.
  - Capability inventory: The skill is authorized to perform file system reads and execute subprocess commands via the campaign-tracker.py script.
  - Sanitization: No validation or sanitization is performed on the ingested content before it is incorporated into the agent's reasoning and output generation.
Audit Metadata