reputation-management
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script
campaign-tracker.pyvia the Python interpreter to retrieve campaign lists. This script is not provided in the skill package and is expected to be part of the host environment. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external customer reviews.
- Ingestion points: Customer reviews are read from third-party platforms like Google, Yelp, and G2, as specified in
SKILL.md. - Boundary markers: No specific delimiters or safety instructions are defined to encapsulate untrusted review text within the prompt context.
- Capability inventory: The skill can execute shell commands (
campaign-tracker.py) and access local brand profiles and guidelines stored in~/.claude-marketing/. - Sanitization: The skill relies on natural language instructions for 'tone checks' and 'legal triggers' rather than programmatic sanitization of external content.
Audit Metadata