aeo-geo
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The instruction to run "python campaign-tracker.py --brand {slug} --action list-campaigns" targets a script not included in the skill package. Dynamic execution of an unverified local script with session-derived arguments poses a risk of command injection.
- [DATA_EXFILTRATION]: The skill accesses sensitive brand information stored in hidden local directories such as "~/.claude-marketing/brands/{slug}/profile.json". This direct file access pattern for private user data increases the risk of data exposure.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of local brand profiles and guidelines.
- Ingestion points: Untrusted files located at "~/.claude-marketing/brands/{slug}/profile.json" and "~/.claude-marketing/brands/{slug}/guidelines/_manifest.json".
- Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore potentially malicious instructions within the brand data.
- Capability inventory: The agent can execute shell commands via the "python campaign-tracker.py" instruction.
- Sanitization: Absent; the content from external profiles is processed without validation or sanitization, allowing it to influence agent behavior.
Audit Metadata