roi-calculator
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `python campaign-tracker.py --brand {slug} --action list-campaigns` where the `{slug}` parameter is dynamically loaded from `~/.claude-marketing/brands/_active-brand.json`. If the contents of this file are manipulated or if the slug is derived from unsanitized user input, it could lead to arbitrary command execution or argument injection.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by loading instructions, restrictions, and voice-and-tone guidelines from external files like `guidelines/_manifest.json` and brand profile JSONs. This creates a vulnerability where malicious content within these data files could influence the agent's behavior during the execution of the ROI analysis.
- [PROMPT_INJECTION]: Indirect Prompt Injection Evidence Chain:
  - Ingestion points: `~/.claude-marketing/brands/_active-brand.json`, `~/.claude-marketing/brands/{slug}/profile.json`, and `guidelines/_manifest.json`.
  - Boundary markers: Absent. The skill does not define delimiters to separate data from instructions.
  - Capability inventory: Subprocess execution (`python campaign-tracker.py`, `scripts/roi-calculator.py`) and file system read/write access.
  - Sanitization: None described. The agent is instructed to directly apply the context and rules found in the files.
Audit Metadata