redirect-manager

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides the ability to modify .htaccess files directly on WordPress servers. .htaccess is a critical configuration file; unauthorized or malicious modifications can lead to site-wide redirection, security bypasses, or denial of service.
  • [COMMAND_EXECUTION]: Step 8 specifies the use of a local script named 'seo-executor.py' for logging. This script is an external dependency whose source is not provided in the skill package, representing an unverified execution point.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its bulk-import functionality.
      1. Ingestion points: The skill imports redirect maps from external CSV files and Google Sheets.
      2. Boundary markers: There are no defined delimiters or instructions for the agent to ignore potentially malicious content within the imported data.
      3. Capability inventory: The skill can modify server configurations (.htaccess), execute local scripts (seo-executor.py), and interact with CMS APIs.
      4. Sanitization: No sanitization or validation processes are mentioned for the imported URLs or patterns.
  • [DATA_EXFILTRATION]: The skill reads sensitive local profile and brand context files from the ~/.claude-marketing/ directory. Because the skill also has network communication capabilities through CMS MCP servers, this combination creates a potential path for exfiltration of local brand data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 05:27 PM