sop-library
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script, execution-tracker.py, using command-line arguments. Specifically, it passes the {slug} parameter, which can be derived from user input. A lack of sanitization on this parameter could lead to command injection vulnerabilities.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from both user-supplied content and external script outputs, which are then used in logic-heavy tasks like compliance auditing.
  - Ingestion points: User-provided SOP content and version notes in SKILL.md, and the output of execution-tracker.py during the check-compliance action.
  - Boundary markers: None are present; the skill does not use delimiters to encapsulate untrusted data.
  - Capability inventory: The skill has the capability to execute shell commands and perform extensive file read/write operations in the ~/.claude-marketing/ directory.
  - Sanitization: No evidence of input validation, filtering, or escaping is provided for the ingested data.
- [DATA_EXFILTRATION]: The skill accesses sensitive files including brand profiles, compliance manifests, and operational SOPs in the ~/.claude-marketing/ directory. While no direct network exfiltration is identified, the combination of sensitive data access and the ingestion of untrusted content creates a risk of data exposure or exfiltration if a prompt injection occurs.
Audit Metadata