case-study-plan
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a standard procedural logic for content generation. It does not contain any obfuscated code, remote scripts, or attempts to escalate privileges.
- [DATA_EXPOSURE]: The skill accesses local configuration files within the
~/.claude-marketing/directory. These files contain brand profiles, compliance rules, and SOPs necessary for the skill's intended purpose. This access is confined to application-specific data and does not target sensitive system directories or credentials. - [PROMPT_INJECTION]: The skill ingests untrusted user input (e.g., client details, project results) to populate its narrative framework. While this presents a surface for indirect prompt injection, the risk is minimal as the skill's output is limited to text-based planning and does not involve executable code or sensitive system operations.
- [COMMAND_EXECUTION]: No shell commands, subprocess spawns, or dynamic code execution patterns (like eval or exec) were found in the skill's logic.
Audit Metadata