import-sop

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM. Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local utility script scripts/guidelines-manager.py using shell-style command assembly: guidelines-manager.py --action save-sop --name {name} --content "{content}". Since both the name and content are supplied by the user, this pattern is susceptible to command injection if the input includes shell metacharacters (e.g., semicolons, backticks, or pipe symbols) or command substitution syntax.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by capturing untrusted user input and persisting it as a system guideline/SOP.
  • Ingestion points: User-provided "SOP content" and "SOP name" processed in the Process section of SKILL.md.
  • Boundary markers: None. There are no delimiters or instructions to the agent to ignore or escape embedded instructions within the SOP content.
  • Capability inventory: The skill can perform file system writes to ~/.claude-marketing/sops/ and execute the guidelines-manager.py script (as identified in Category 4/10).
  • Sanitization: No sanitization, escaping, or validation steps are defined for the user-supplied content before it is saved or passed to the execution script.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 03:02 AM