Skills
skills/indranilbanerjee/digital-marketing-pro/churn-risk/Gen Agent Trust Hub

churn-risk

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill initiates the execution of a local Python script named churn-predictor.py to process customer behavioral data. This introduces a risk of arbitrary command execution if the script is not securely managed or if its inputs are compromised.
  • [DATA_EXFILTRATION]: The skill reads data from the local file system at ~/.claude-marketing/brands/ to load brand profiles and guidelines. Reading from directories outside the immediate skill folder increases the surface area for unauthorized data exposure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via data ingested from Salesforce or HubSpot.
  • Ingestion points: CRM manager agent retrieves customer behavioral records and custom churn signals.
  • Boundary markers: No markers or protective instructions (e.g., delimiters) are used to separate untrusted data from the execution prompt.
  • Capability inventory: The skill can read local files and execute local scripts (churn-predictor.py).
  • Sanitization: No sanitization, escaping, or validation of the external CRM data is described in the workflow.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 01:02 PM