narrative-tracker
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes raw data from external AI platforms.
- Ingestion points: Step 2 explicitly captures the full response text from external engines like ChatGPT and Gemini into the agent's context for analysis.
- Boundary markers: There are no instructions provided to wrap the captured text in delimiters or to ignore any embedded commands within that content.
- Capability inventory: The skill possesses the ability to execute local scripts and read/write to specific directories in the home folder.
- Sanitization: The skill lacks any steps to sanitize, filter, or validate the content received from external AI platforms before it is used for scoring or recording.
- [COMMAND_EXECUTION]: The skill executes a local script
geo-tracker.pyvia the command line to store analyzed narrative data. The security of the operation depends on the contents of this external script which is not defined within the skill file. - [DATA_EXFILTRATION]: The process involves reading potentially sensitive business data, including brand positioning, target audience information, and messaging guidelines, from the
~/.claude-marketing/directory. While intended for brand analysis, this constitutes access to sensitive configuration files.
Audit Metadata