multilingual-score
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow involves executing multiple local Python scripts (language-router.py, eval-runner.py, brand-voice-scorer.py) that are not included within the skill package, creating a dependency on external, unverified executables.
- [COMMAND_EXECUTION]: In Step 4, the variable {translated_content} is directly interpolated into a command-line string: brand-voice-scorer.py --brand {slug} --text "{translated_content}". Since this input can be sourced from arbitrary URLs or user-provided text, it is highly susceptible to shell command injection (e.g., using characters like ;, &&, or |).
- [DATA_EXFILTRATION]: The skill accepts URLs as input for both 'Original content' and 'Translated content'. This allows the agent to make outbound network requests to attacker-controlled servers, which could be used for Server-Side Request Forgery (SSRF) or to leak internal data.
- [DATA_EXFILTRATION]: The process explicitly reads from several paths in the user's home directory (~/.claude-marketing/), including _active-brand.json, profile.json, _manifest.json, and agency SOPs. Accessing hidden or application-specific directories in the home folder is a characteristic of sensitive data exposure.
- [REMOTE_CODE_EXECUTION]: The combination of fetching data from remote URLs and then using that data in a shell command interpolation ({translated_content}) facilitates a remote code execution vector where an external source can dictate the commands run on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata