content-engine
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script to manage campaign data.
  - Evidence: `SKILL.md` contains instructions to run `python campaign-tracker.py --brand {slug} --action list-campaigns` to retrieve campaign history.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection through the ingestion of external data files.
  - Ingestion points: The agent reads brand profiles, guidelines, and restrictions from files located in `~/.claude-marketing/brands/{slug}/`.
  - Boundary markers: There are no explicit delimiters or instructions provided to the LLM to ignore potentially malicious content within these brand profile files.
  - Capability inventory: The skill can execute subprocesses (`campaign-tracker.py`) and access the file system.
  - Sanitization: No sanitization or validation logic is defined for the content of the brand JSON or markdown files before they are loaded into the agent's context.
Audit Metadata