campaign-brief-generator
Audited by Socket on Mar 4, 2026
1 alert found:
Obfuscated File
No code-level malware patterns are present in the provided specification. The primary security concerns are data-flow and transitive trust: reading local brand-context files can leak sensitive data into creator-facing outputs; chaining to other skills increases the attack surface; and inclusion of arbitrary external links or user-supplied content may propagate malicious links or confidential information. Recommend: (1) restrict .claude/brand-context.md to non-sensitive fields and educate users not to store secrets there; (2) sanitize and validate external URLs and asset links before including them in briefs; (3) require explicit user confirmation before invoking or forwarding context to other skills; (4) treat any auto-populated 'Don'ts' as user-verified content and present a confirmation step prior to publishing creator-facing output.