claude-marketing-skills
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation process involves cloning a third-party repository from 'github.com/thatrebeccarae/claude-marketing.git'. This pulls unverified code and scripts into the local environment.
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to run multiple Python scripts (e.g., 'setup-paid-media.py', 'setup-ecommerce.py') from the downloaded repository to install skill packs. Executing scripts from an external, untrusted source is a significant security risk.
- [COMMAND_EXECUTION]: The documentation recommends using 'npx' to download and execute MCP servers from the npm registry (e.g., '@klaviyo/mcp-server-klaviyo'), which facilitates the execution of remote code at runtime.
- [DATA_EXFILTRATION]: The skill requires access to sensitive marketing credentials, including 'GA4_CREDENTIALS_PATH', which points to a local service account file. It also mandates the use of environment variables for 'GOOGLE_ADS_REFRESH_TOKEN', 'META_ACCESS_TOKEN', 'KLAVIYO_PRIVATE_KEY', and 'SHOPIFY_ACCESS_TOKEN'. The combination of reading these sensitive files/variables and performing network operations to marketing APIs constitutes a data exfiltration surface.
- [PROMPT_INJECTION]: The skill processes untrusted external data via features like 'brand-dna' (which extracts identity from a URL) and 'aeo-geo-optimizer' (which audits content). This creates a vulnerability to indirect prompt injection, where malicious instructions hidden in external web content or text could manipulate the agent's behavior.
- [EXTERNAL_DOWNLOADS]: Fetches marketing benchmarks and API schemas from an external source during the usage of various skills.
Recommendations
- AI detected serious security threats
Audit Metadata