quality-report
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script scripts/quality-tracker.py multiple times with various flags (--brand, --action, --days, --content-type, --limit). The values for these flags, such as --days {period} and --content-type {content_type}, are directly influenced by user input, which could lead to command injection if the underlying execution environment does not properly sanitize shell arguments.
- [DATA_EXFILTRATION]: The skill performs extensive read operations on the user's local filesystem, specifically targeting the ~/.claude-marketing/ directory. It accesses brand profiles (_active-brand.json, profile.json), quality guidelines (_manifest.json), and agency Standard Operating Procedures (/sops/). While these files are central to the skill's purpose, they represent the exposure of local data to the AI agent.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and synthesizes data from multiple untrusted sources to generate reports and recommendations.
  - Ingestion points: Evaluation data retrieved via scripts/quality-tracker.py, brand profile JSON files, and guideline manifests.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill possesses the ability to read local files and execute shell commands (scripts/quality-tracker.py).
  - Sanitization: There is no evidence of sanitization, validation, or escaping of the content ingested from the external files or script outputs before it is used to influence the agent's analytical output.
Audit Metadata