Security Audit
executing-marketing-campaigns
github.com/davila7/claude-code-templatesTrust Assessment
executing-marketing-campaigns received a trust score of 69/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Covert behavior / concealment directives, Arbitrary File Write via Path Traversal in Output File Argument.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 458b1186). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Arbitrary File Write via Path Traversal in Output File Argument The `marketing_utils.py` script allows an attacker to specify an arbitrary file path for the output CSV file when using the `batch_generate` action. The `args.output` value is directly passed to the `generate_campaign_tracking_sheet` function as `output_file` without any path sanitization or restriction to a specific directory. This could allow an attacker to write the generated campaign tracking data to sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/authorized_keys`) or overwrite existing files outside the intended working directory, leading to data corruption, denial of service, or potential privilege escalation if a critical system file is targeted. Implement robust path sanitization and validation for the `output_file` argument. Restrict file write operations to a designated, secure output directory (e.g., a temporary directory or a user-specific output folder). Use `os.path.join()` with a controlled base directory and validate that the resulting path does not escape this directory. | LLM | scripts/marketing_utils.py:200 | |
| MEDIUM | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | cli-tool/components/mcps/devtools/figma-dev-mode.json:4 | |
| MEDIUM | Arbitrary File Read via Path Traversal in Input File Argument The `marketing_utils.py` script allows an attacker to specify an arbitrary file path for the input CSV file when using the `batch_generate` action. The `args.file` value is directly passed to the `batch_generate_from_csv` function as `input_file` without any path sanitization or restriction. This could allow an attacker to attempt to read the content of sensitive system files (e.g., `/etc/passwd`, `/etc/shadow`) by providing its path. While the script attempts to parse the file as CSV and does not directly print its content, the ability to read arbitrary files is a significant information disclosure risk. Implement robust path sanitization and validation for the `input_file` argument. Restrict file read operations to a designated, secure input directory. Use `os.path.join()` with a controlled base directory and validate that the resulting path does not escape this directory. | LLM | scripts/marketing_utils.py:170 | |
| LOW | Covert behavior / concealment directives Multiple zero-width characters (stealth text) Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | cli-tool/components/mcps/devtools/jfrog.json:4 |
Scan History
Embed Code
[](https://skillshield.io/report/1010e9f3e7468310)
Powered by SkillShield