verify-claims

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill processes user-supplied content by interpolating the {content} variable directly into a shell command: scripts/claim-verifier.py --action extract-claims --text "{content}". This pattern is susceptible to command injection if the input contains shell metacharacters or escape sequences, potentially allowing arbitrary code execution on the host system.
  • [DATA_EXFILTRATION]: The skill accepts a 'file path' as a valid input for content verification. This creates a vulnerability to Local File Inclusion (LFI), where an attacker could specify paths to sensitive files (e.g., credentials or system configurations) to be read and processed by the agent. The skill also explicitly reads from the ~/.claude-marketing/ directory, which may store sensitive brand or configuration data.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted marketing content through the quality-assurance agent.
      • Ingestion points: Content provided as inline text, pasted blocks, or file paths in Step 2 and Step 3.
      • Boundary markers: No delimiters or specific instructions to ignore embedded commands are present in the process description.
      • Capability inventory: The skill has the capability to execute local Python scripts (scripts/claim-verifier.py) and read from the local file system (~/.claude-marketing/).
      • Sanitization: There is no evidence of input sanitization or validation before the untrusted content is passed to the subprocess or the agent context.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Mar 5, 2026, 10:34 AM