reputation-management
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in `SKILL.md` require the execution of a local Python script `campaign-tracker.py` with the parameter `--brand {slug}`. This dynamic parameter insertion poses a risk of command injection if the `{slug}` variable is not strictly validated.
- [DATA_EXFILTRATION]: The agent is directed to read brand profiles and guidelines from the user's home directory (e.g., `~/.claude-marketing/brands/{slug}/profile.json`). Accessing the `~/` path is a data exposure risk, though it appears necessary for the skill's stated marketing automation purpose.
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources (customer reviews), making it susceptible to indirect prompt injection.
  1. Ingestion points: Customer feedback and sentiment data from external review platforms like Google, Yelp, and G2.
  2. Boundary markers: The skill does not implement delimiters or ignore-instructions logic for these inputs.
  3. Capability inventory: The skill can read local files and execute Python scripts.
  4. Sanitization: No sanitization or validation of the external review content is mentioned in the skill instructions.
Audit Metadata