sop-library

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script, execution-tracker.py, with the {slug} parameter supplied by the user. If the brand slug is not strictly validated (for example, against an allowlist pattern) before it is passed to the script or to a shell, it could serve as an entry point for command injection.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection via user-provided SOP content and external script outputs.
  • Ingestion points: Untrusted data enters the system through user-provided SOP content (SKILL.md) and the execution evidence returned by execution-tracker.py.
  • Boundary markers: There are no explicit delimiters or instructions to the agent to disregard embedded commands in the processed data.
  • Capability inventory: The skill is capable of writing files to ~/.claude-marketing/sops/ and executing shell commands via the execution-tracker.py script.
  • Sanitization: No validation or sanitization of external content is mentioned before it is processed by the agent.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local directories including ~/.claude-marketing/brands/ and ~/.claude-marketing/sops/. While no network activity was observed, the ability to read these configurations represents a data exposure risk.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 01:19 AM