anomaly-scan
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts such as performance-monitor.py and execution-tracker.py using shell commands. It interpolates variables like {slug} and {level} directly into these commands. This pattern can lead to command injection if the variables are sourced from untrusted inputs without proper sanitization.
- [DATA_EXFILTRATION]: The skill reads from and writes to the ~/.claude-marketing/ directory to manage brand profiles, guidelines, and execution history. Accessing hidden configuration directories in the user's home folder represents a data exposure surface for sensitive marketing and brand information.
- [PROMPT_INJECTION]: The skill processes data from multiple external marketing platforms, creating an indirect prompt injection surface where instructions hidden in marketing data could influence agent behavior.
- Ingestion points: Data is pulled from various connected platforms including Google Analytics, Meta, and others in Step 2.
- Boundary markers: The instructions do not define clear boundaries or ignore directives for the data being processed from external APIs.
- Capability inventory: The skill can execute local scripts and modify campaign insights based on the analysis of external data.
- Sanitization: No explicit sanitization or validation logic is defined for the content retrieved from external marketing services.
Audit Metadata