pricing-test

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and executes shell commands using the local script audience-simulator.py by interpolating user-provided inputs such as {id} and {slug}. This pattern is susceptible to command injection if the input strings are not properly sanitized or validated before being passed to the shell environment.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data from multiple local sources to guide agent behavior.
  • Ingestion points: Reads brand profiles, guidelines, and CRM data from ~/.claude-marketing/brands/{slug}/profile.json and ~/.claude-marketing/brands/{slug}/guidelines/_manifest.json (SKILL.md).
  • Boundary markers: The instructions do not specify any delimiters or explicit warnings to the agent to ignore or isolate embedded instructions within these ingested data sources.
  • Capability inventory: The skill has the capability to execute shell commands and read files across the local system (SKILL.md).
  • Sanitization: There is no evidence of content sanitization, escaping, or schema validation for the data retrieved from external files before it is processed by the language model.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 11:12 AM