creative-testing-framework
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: Analysis of the skill instructions and processes found no evidence of malicious intent, data exfiltration, or unauthorized code execution. The file access is limited to application-specific directories.
- [PROMPT_INJECTION]: The skill ingests data from local brand profiles and standard operating procedures. 1. Ingestion points:
~/.claude-marketing/brands/and~/.claude-marketing/sops/. 2. Boundary markers: None identified. 3. Capability inventory: The skill does not utilize high-risk operations such as network requests, file-writing, or subprocess execution. 4. Sanitization: No explicit sanitization or escaping of ingested content is mentioned. This architectural pattern represents an indirect prompt injection surface but is considered low risk given the lack of exploitable capabilities.
Audit Metadata