content-repurpose

Functionally the described content-repurposing skill matches its stated goals and largely uses local resources (brand profiles, templates, and a local campaign-tracker). The primary security concerns are: (1) execution of a local Python script (campaign-tracker.py) which can perform arbitrary actions and should be audited or sandboxed before execution, and (2) broad reads of user-home brand configuration files which may contain sensitive data. There is no direct evidence of network exfiltration, hardcoded credentials, or obfuscated/malicious code in the provided description. Recommended mitigations: review campaign-tracker.py source before allowing execution, restrict and audit access to ~/.claude-marketing, require explicit user consent and audit logs for any external posting/publishing, and use least-privilege patterns for any credentials. Overall, treat this as a useful tool with manageable supply-chain and privacy risks if operational controls are applied.