client-report
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local Python scripts (
campaign-tracker.py,execution-tracker.py, andreport-generator.py) using arguments such as{slug},{date_range}, and{channel}which are derived from user input. This pattern creates a potential for command injection if the underlying environment does not properly sanitize these inputs before passing them to the shell or script execution engine. - [DATA_EXFILTRATION]: The skill accesses sensitive marketing data and brand configuration from the local filesystem (
~/.claude-marketing/brands/) and is designed to transmit this information to external delivery channels via Slack, Email, and Google Sheets MCPs. Although an 'approval checkpoint' is included to mitigate accidental disclosure, the core functionality enables the aggregation and exfiltration of potentially sensitive business information. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection as it incorporates data from external campaign trackers and brand-specific guideline files into its report generation logic.
- Ingestion points: Brand profiles and guidelines in
~/.claude-marketing/and performance metrics output bycampaign-tracker.py. - Boundary markers: The process lacks explicit delimiters or instructions to isolate ingested data from the report's strategic narrative logic.
- Capability inventory: The skill has read access to the local filesystem, execution rights for local scripts, and network delivery capabilities via multiple messaging and document MCPs.
- Sanitization: There is no evidence of validation, filtering, or escaping of external content before it is processed by the agent during the generation of the executive summary and recommendations.
Audit Metadata