agency-dashboard
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local utility scripts such as
campaign-tracker.py,execution-tracker.py, andteam-manager.pyto retrieve and process metrics. These executions are performed using parameters derived from local brand profiles.\n- [DATA_EXFILTRATION]: The skill accesses business-sensitive data stored in the user's home directory (~/.claude-marketing/), including client health metrics, financial budget pacing, and team capacity logs. It offers functionality to export this data to external platforms like Slack and Google Sheets.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface as it processes data from external sources (brand guidelines and profiles) that could be manipulated to influence agent behavior.\n - Ingestion points: Reads content from
~/.claude-marketing/brands/{slug}/profile.json,~/.claude-marketing/brands/{slug}/guidelines/_manifest.json, and agency SOPs.\n - Boundary markers: No specific boundary markers or instructions to ignore embedded directions within the ingested data were identified.\n
- Capability inventory: The skill has the capability to execute shell commands and read from the file system to aggregate data across multiple directories.\n
- Sanitization: There is no explicit validation or sanitization logic for the data ingested from the brand-specific files.
Audit Metadata