add-integration
Fail
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill is designed to search for, recommend, and execute external code from the npm registry. It specifically generates configurations that use `npx` to run these packages. This introduces a supply-chain risk where the agent might inadvertently execute malicious or typosquatted third-party code.
- [DATA_EXFILTRATION]: The workflow requires reading from sensitive local directories, including `~/.claude-marketing/credentials/` and `~/.claude-marketing/brands/`. These paths are documented as containing brand profiles and agency credential sets, which represent high-value targets for data exposure.
- [COMMAND_EXECUTION]: The skill performs automated connectivity testing by starting MCP servers and executing tool operations. This involves running shell commands and performing network-connected operations based on dynamically discovered package configurations.
- [CREDENTIALS_UNSAFE]: The skill explicitly accesses dedicated credential management directories (`~/.claude-marketing/credentials/`) to load and map authentication profiles for different brands.
- [EXTERNAL_DOWNLOADS]: The skill queries the npm registry and other external MCP directories to evaluate and retrieve package metadata and configuration details at runtime.
Recommendations
- AI detected serious security threats
Audit Metadata