entity-audit
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate marketing and SEO tasks, querying reputable public platforms (Wikidata, Wikipedia, Google) to verify entity data accuracy.
- [COMMAND_EXECUTION]: The skill invokes a local script
geo-tracker.pywith theentity-checkcommand to log audit results. This is a standard functional component for the tool's internal state management. - [DATA_EXPOSURE]: The skill accesses brand-related metadata stored in
~/.claude-marketing/brands/. These files contain standard brand information (names, websites, founding dates) necessary for the audit process. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external websites that could theoretically be tampered with by an attacker. However, the risk is mitigated as the skill's logic is focused on extracting and comparing specific metadata fields (like 'founding date') against a local authoritative profile, rather than executing instructions from that data.
- Ingestion points: Reads data from Wikidata, Wikipedia, and various industry directories; also reads local files in
~/.claude-marketing/brands/. - Boundary markers: Absent.
- Capability inventory: Executes
geo-tracker.pyscript; performs network searches. - Sanitization: Not explicitly mentioned, but the data usage is restricted to structured property comparisons.
Audit Metadata