message-test
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script, audience-simulator.py, with arguments derived from user input (e.g., {panel-id}, {slug}). If that input is passed to the shell without validation, this is a command injection vector.
- [COMMAND_EXECUTION]: The skill reads files and directories under the user's home path (~/.claude-marketing/): brand profiles, guidelines, and agency SOPs. If the skill logic is manipulated, this could expose sensitive information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection: it ingests untrusted data from external files and from user-provided message variants without defined boundary markers or sanitization steps.
  - Ingestion points: brand profiles in ~/.claude-marketing/brands/, agency SOPs in ~/.claude-marketing/sops/, and user-provided message variants.
  - Boundary markers: absent; the skill defines no delimiters and gives no instruction to ignore commands embedded in the processed data.
  - Capability inventory: the agent can execute shell commands via the audience-simulator.py script.
  - Sanitization: no validation, escaping, or filtering of the external content or user-provided variants is specified before processing.
Audit Metadata