verify-claims

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: Potential shell command injection vulnerability in the Process section. Steps 2 and 3 instruct the agent to execute scripts/claim-verifier.py by interpolating user-provided content ({content}) directly into the command line: scripts/claim-verifier.py --action extract-claims --text "{content}". If the content contains shell metacharacters such as backticks or semicolons, it could result in arbitrary code execution on the host system.
  • [DATA_EXFILTRATION]: The skill accesses multiple sensitive file paths in the user's home directory, including ~/.claude-marketing/brands/, ~/.claude-marketing/brands/{slug}/profile.json, and ~/.claude-marketing/sops/. The combination of sensitive file access and the command injection vulnerability significantly increases the risk of data exfiltration or unauthorized exposure of brand-specific information.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through the 'Content with claims' input. The skill ingests untrusted data and processes it for claim extraction without defined boundary markers or sanitization, potentially allowing an attacker to embed instructions that manipulate the agent's extraction or verification logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 11, 2026, 07:58 PM