validate-output
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script
scripts/output-validator.pyby interpolating user-provided content ({content}) and schema paths ({schema_name_or_path}) directly into a command string. This pattern is susceptible to shell command injection if the input contains malicious metacharacters.\n- [DATA_EXFILTRATION]: The skill reads multiple configuration and profile files from the~/.claude-marketing/directory in the user's home folder. This expands the agent's read access to potentially sensitive local data beyond the project workspace.\n- [PROMPT_INJECTION]: The skill processes untrusted data for structural validation without implementing sanitization or boundary markers, creating a surface for indirect prompt injection.\n - Ingestion points: User-provided content for validation (SKILL.md)\n
- Boundary markers: Absent\n
- Capability inventory: Shell command execution via local Python script\n
- Sanitization: Absent
Audit Metadata