ads-dna

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script using a shell command with a user-provided URL as an argument.
      • Evidence: The process in SKILL.md step 2b explicitly calls python ~/.claude/skills/ads/scripts/capture_screenshot.py [url].
      • Risk: A maliciously crafted URL containing shell metacharacters (e.g., https://example.com; rm -rf /) could lead to arbitrary command execution when the agent invokes the script.
  • [PROMPT_INJECTION]: The skill possesses a broad attack surface for indirect prompt injection as it processes data from arbitrary external websites.
      • Ingestion points: Data enters the agent context through the WebFetch tool, which retrieves text, styles, and metadata from user-provided URLs.
      • Boundary markers: Absent. There are no instructions to use delimiters or ignore embedded prompts within the fetched content.
      • Capability inventory: The skill can execute shell scripts (screenshot capture), perform network requests (WebFetch), and write files to the current directory (brand-profile.json).
      • Sanitization: No sanitization or validation logic is defined to check the fetched website content for malicious instructions before processing.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 01:38 PM