brand-naming

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface. The skill is designed to automatically scan and ingest data from untrusted project files (e.g., README.md, package.json, marketing copy) to infer business context.
  • Ingestion points: The skill explicitly instructs the agent to use Read, Glob, and Grep tools on various project files and directories (such as .planning/) during the initial 'Project Context Scan'.
  • Boundary markers: The skill gives no instructions to wrap the scanned project content in delimiters or to ignore instructions embedded in it, which increases the risk that the agent will follow malicious instructions placed in those files.
  • Capability inventory: The agent has access to powerful tools, including WebSearch, WebFetch, and the ability to execute shell commands via a Python script.
  • Sanitization: No validation or sanitization of the project file content is specified before the data is used to generate names or influence tool parameters.
  • [COMMAND_EXECUTION]: Execution of local script dependency. The skill includes a specific instruction to execute a Python script located at ${CLAUDE_PLUGIN_ROOT}/skills/domain-hunter/scripts/domain_checker.py.
  • Mechanism: It uses a shell command to pass generated brand names as arguments to the script.
  • Risk: Since the brand names are derived from untrusted project context, there is a risk of command injection if the project files contain malicious payloads that the agent inadvertently passes as arguments to the shell execution.
Audit Metadata
Risk Level: SAFE
Analyzed: May 10, 2026, 03:14 AM