content-repurpose
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute a local Python script named
campaign-tracker.pyto retrieve brand-specific campaign data. Running local scripts involves a level of risk regarding the integrity of the executable and its environment. - [PROMPT_INJECTION]: The skill processes untrusted input ('Original content') from external sources such as URLs or documents and uses this data to generate derivative content. This creates a vulnerability to indirect prompt injection. \n
- Ingestion points: Source material provided via the 'Original content' field in SKILL.md. \n
- Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential injections within the source content. \n
- Capability inventory: Includes local file reads and subprocess execution via Python. \n
- Sanitization: No evidence of content validation or escaping is present in the instruction set.
- [DATA_EXFILTRATION]: The skill accesses configuration and profile files located in the user's home directory (
~/.claude-marketing/). While this appears to be the application's own data store, accessing sensitive files outside of a sandboxed project directory is a potential data exposure risk.
Audit Metadata