marketing-automation
Warn
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to run the command `python campaign-tracker.py --brand {slug} --action list-campaigns`. Since the `campaign-tracker.py` script is not provided, its safety cannot be audited.
- [COMMAND_EXECUTION]: The command execution uses the `{slug}` variable without sanitization, which may allow for argument or command injection if the brand slug is derived from untrusted input.
- [DATA_EXFILTRATION]: The instructions require reading from `~/.claude-marketing/brands/{slug}/profile.json` and `~/.claude-marketing/brands/{slug}/guidelines/_manifest.json`, which could expose private brand data or credentials if they reside in the user's home directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it loads and follows instructions from external files (profiles and guidelines) without boundary markers or sanitization.
  - Ingestion points: Brand profile and guideline files located in `~/.claude-marketing/`.
  - Boundary markers: None. The skill does not instruct the agent to distinguish between trusted instructions and potentially untrusted file content.
  - Capability inventory: File system read access and shell command execution.
  - Sanitization: No validation or escaping is applied to the data retrieved from external files or to variables used in shell commands.
Audit Metadata