local-seo
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run a local Python script,
campaign-tracker.py, to list brand campaign history for context-aware planning. This is a functional use of local execution tools. - [DATA_EXFILTRATION]: The agent is directed to read brand profiles and guidelines from the
~/.claude-marketing/directory. This facilitates the access of local application data to customize the agent's behavior. - [PROMPT_INJECTION]: The skill features an attack surface for indirect prompt injection by ingesting data from external brand files.
- Ingestion points: Brand profile and guideline files (e.g.,
profile.json,restrictions.md) stored in~/.claude-marketing/brands/. - Boundary markers: The skill does not provide explicit delimiters or instructions to ignore embedded commands within the ingested brand data.
- Capability inventory: The agent has permissions for file system reading and local script execution.
- Sanitization: No explicit sanitization or validation of the brand data is described in the skill's instructions.
Audit Metadata