campaign-analytics
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill ingests untrusted campaign data and interpolates it into markdown reports, creating a vulnerability to indirect prompt injection. Ingestion points: sample_campaign_data.json and script inputs. Boundary markers: Absent. Capability inventory: Generates performance summaries and budget recommendations. Sanitization: No sanitization or escaping of input data is evident.
- Unverifiable Logic (INFO): The Python scripts described in the skill (attribution_analyzer.py, funnel_analyzer.py, campaign_roi_calculator.py) are not included, preventing verification of safety and dependency claims.
Audit Metadata