technical-seo
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local Python script named `campaign-tracker.py` with arguments dynamically generated from the session context.
  - Evidence: Found in `SKILL.md`: `python campaign-tracker.py --brand {slug} --action list-campaigns`.
  - Risk: The `{slug}` parameter is interpolated directly from the brand context. If not properly sanitized, this could lead to command injection if a brand slug contains malicious shell characters.
- [DATA_EXFILTRATION]: The skill is configured to read potentially sensitive marketing data and compliance rules from a hidden directory in the user's home folder.
  - Evidence: `SKILL.md` contains multiple references to paths such as `~/.claude-marketing/brands/{slug}/profile.json` and `~/.claude-marketing/brands/{slug}/guidelines/_manifest.json`.
  - Risk: This allows the agent to access user-specific configuration and marketing strategy files, which could be exposed if the agent is compromised.
- [PROMPT_INJECTION]: The skill audit process involves ingesting data from external websites and server logs, which presents an attack surface for indirect prompt injection.
  - Ingestion points: Data enters the context from "Website URL", search console reports, and "Log File Analysis".
  - Boundary markers: Absent. The skill does not define clear delimiters or instructions to ignore embedded directives in the audited content.
  - Capability inventory: The skill has file system access to the home directory and the ability to execute local Python scripts via subprocesses.
  - Sanitization: Absent. There are no instructions for validating or sanitizing the content retrieved from external URLs or log files.