technical-seo

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to run 'python campaign-tracker.py --brand {slug} --action list-campaigns'. This script is missing from the provided files, which creates a dependency on external, unverified code and presents a potential command injection risk through the '{slug}' parameter.
  • [DATA_EXFILTRATION]: The skill attempts to read potentially sensitive marketing brand profiles, compliance rules, and campaign guidelines from the user's home directory at '~/.claude-marketing/'. Unauthorized access to or processing of these files could lead to data exposure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of auditing external websites.
      • Ingestion points: Website URLs, CMS details, and performance reports (from Google Search Console or PageSpeed Insights) are ingested into the agent context in SKILL.md.
      • Boundary markers: The instructions do not define clear delimiters or provide 'ignore embedded instructions' warnings for content fetched from audited sites.
      • Capability inventory: The skill allows for local command execution via Python and significant file system access within the '~/.claude-marketing/' directory.
      • Sanitization: There is no evidence of sanitization or validation of content retrieved from external website audits before it is processed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 01:19 AM