ai-marketing-claude-code-skills
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone a repository from
https://github.com/BrianRWagner/ai-marketing-claude-code-skills.gitand execute shell scripts contained within it. - [COMMAND_EXECUTION]: The installation process involves running multiple shell scripts including
bash scripts/install.sh,bash scripts/convert.sh, andbash scripts/list-skills.sh, which perform file system operations and platform detection. - [PROMPT_INJECTION]: The skill is designed to ingest and process data from external sources such as Reddit, YouTube transcripts, and web searches. This creates an indirect prompt injection surface where malicious instructions embedded in the researched content could influence the agent's behavior.
- Ingestion points: External research tools fetching content from Reddit, X, and YouTube transcripts.
- Boundary markers: Not explicitly mentioned in the framework instructions.
- Capability inventory: Includes file system access (writing skills to platform directories) and shell execution (installation scripts).
- Sanitization: No specific sanitization or filtering logic is described for the content retrieved from external sources.
Audit Metadata