schedule-social
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow depends on the execution of multiple local Python scripts:
posting-time-analyzer.py,hashtag-analyzer.py,brand-voice-scorer.py,approval-manager.py, andexecution-tracker.py. These scripts are executed via subprocesses to process brand data and content, but their source code is not provided within the skill for verification. - [DATA_EXFILTRATION]: The skill reads sensitive information from the user's home directory, specifically within the
~/.claude-marketing/path. This includes active brand configurations (_active-brand.json), detailed brand profiles (profile.json), and agency Standard Operating Procedures (SOPs). Accessing private configuration files in hidden directories is a data exposure risk. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted user content and local brand files, then processing them using scripts before final publication to external social media platforms.
- Ingestion points: Processes user-provided post content, media asset URLs, and local brand profile data from
~/.claude-marketing/(SKILL.md). - Boundary markers: There are no explicit delimiters or instructions defined to separate untrusted content from the agent's internal logic.
- Capability inventory: The skill possesses high-privilege capabilities including reading/writing local files in the home directory, executing Python scripts, and interacting with external social media APIs via MCP servers (SKILL.md).
- Sanitization: The instructions do not specify any validation, escaping, or filtering of the user-provided content or local data before it is processed by the analyzer scripts or submitted for publication.
Audit Metadata