content-engine

Fail

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is instructed to run a local Python script, campaign-tracker.py, with the command python campaign-tracker.py --brand {slug} --action list-campaigns as part of applying brand context.
  • [DATA_EXFILTRATION]: The skill accesses sensitive file paths within the user's home directory to retrieve brand information, specifically reading from ~/.claude-marketing/brands/{slug}/profile.json and ~/.claude-marketing/brands/{slug}/guidelines/_manifest.json. Accessing data in hidden application directories in the home folder is considered a high-risk data exposure.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting external data from the ~/.claude-marketing/ directory. It lacks boundary markers or sanitization logic when loading these profiles and guidelines, which are then used to enforce restrictions and influence agent output. This ingest-and-execute pattern (reading profiles and then running scripts) could be exploited if the profile data is compromised.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 8, 2026, 11:40 PM