digital-marketing-pro-claude-plugin
Warn
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is distributed through a third-party marketplace and a personal GitHub repository (indranilbanerjee/digital-marketing-pro) that are not verified trusted sources.
- [COMMAND_EXECUTION]: The plugin includes 70 execution scripts used for tasks like analytics and research. Executing code from an unverified source represents a potential security risk.
- [PROMPT_INJECTION]: The skill ingests untrusted data from target URLs during SEO audits and external files (PDF/DOCX) during brand profiling. This data is used to generate marketing content and strategies, which could be leveraged for indirect prompt injection.
  - Ingestion points: Target URLs in /seo-audit and document imports in /import-guidelines.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are documented for processing ingested data.
  - Capability inventory: Writing files to the local home directory (~/.claude-marketing/) and making network requests via various integrated marketing APIs.
  - Sanitization: The documentation does not describe any sanitization or validation of external data before processing.
- [DATA_EXFILTRATION]: The skill requests and manages API keys for numerous marketing platforms (Google Ads, HubSpot, etc.). While functional, the central collection of these credentials and access to local brand data creates a significant data exposure risk.
Audit Metadata