sop-library
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local command-line tool using user-provided input.
  * Evidence: The 'CHECK-COMPLIANCE' process step calls 'execution-tracker.py --brand {slug} --action list'.
  * Risk: If the '{slug}' variable (brand slug) is not strictly validated, it could serve as a vector for command injection attacks.
- [DATA_EXFILTRATION]: The skill interacts with the local filesystem to manage SOP and brand data.
  * Evidence: Read and write operations occur in '/.claude-marketing/brands/' and '/.claude-marketing/sops/'.
  * Context: This behavior is aligned with the skill's function of storing and retrieving agency standard operating procedures.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection, as it processes external JSON data.
  * Ingestion points: The skill reads SOP content from '/.claude-marketing/sops/' and brand profiles from '/.claude-marketing/brands/'.
  * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing this data.
  * Capability inventory: The skill has the ability to write files to the local directory and execute the 'execution-tracker.py' script.
  * Sanitization: There is no documented sanitization or validation of the contents of the SOP or brand profile files before they are processed.
Audit Metadata