agentkits-marketing-automation
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto install its components from the@aitytech/agentkits-marketingnpm package and suggests cloning a repository fromgithub.com/aitytech/agentkits-marketing.git. - [COMMAND_EXECUTION]: Manual installation steps involve copying files into platform-specific configuration directories (e.g.,
~/.claude/agents/,~/.claude/commands/), which affects the local environment of the AI assistant. - [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface.
- Ingestion points: Commands such as
/seo:audit,/competitor:deep, and/campaign:analyzeinSKILL.mdingest untrusted data from external URLs and local files. - Boundary markers: There are no explicit boundary markers or warnings to disregard instructions embedded in the external content being processed.
- Capability inventory: The skill has capabilities for network operations and file system access as detailed in the installation and integration sections of
SKILL.md. - Sanitization: The documentation does not specify any sanitization, escaping, or validation of data retrieved from external sources before processing.
Audit Metadata