creative-health
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script named
creative-fatigue-predictor.pyto calculate fatigue scores based on performance metrics. The script's source code is not provided for verification within the skill package. - [COMMAND_EXECUTION]: The skill accesses the local file system at
~/.claude-marketing/to retrieve sensitive brand profiles, guidelines, and SOPs. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) due to its ingestion of untrusted external data.
- Ingestion points: Creative performance data, specifically the creative ID and name fields which may originate from external ad platforms.
- Boundary markers: No explicit delimiters or system instructions are used to prevent the agent from interpreting data as instructions.
- Capability inventory: The skill possesses the ability to execute local scripts and read files from the user's home directory.
- Sanitization: No input validation or escaping of the ingested creative data is documented.
Audit Metadata