prompt-test

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes Python scripts via the shell, interpolating user-provided variables directly into the command string (e.g., python scripts/prompt-ab-tester.py --test-name "{name}"). An input such as mytest"; touch /tmp/pwned; " would therefore escape the quoted argument and result in arbitrary command execution on the local system.
  • [DATA_EXFILTRATION]: The skill systematically accesses files in the ~/.claude-marketing/ directory, including profile.json, _active-brand.json, and guidelines/_manifest.json. This exposes proprietary brand data, messaging hierarchies, and agency SOPs to the agent context.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content provided by the user.
      • Ingestion points: The content_or_path and evidence_file variables in SKILL.md are used to feed external data into the evaluation process.
      • Boundary markers: None are present; there are no instructions to the agent to disregard instructions embedded within the content being tested.
      • Capability inventory: The skill performs subprocess calls to scripts/eval-runner.py and scripts/prompt-ab-tester.py and uses the quality-assurance and content-creator agents to process the data.
      • Sanitization: No sanitization or escaping of the input content is described before it is passed to the scripts or agents.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 27, 2026, 01:02 PM