crisis-response
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its reliance on external data sources for context construction. Ingestion points: The agent reads brand profiles, compliance rules, manifest files, and custom templates from the
~/.claude-marketing/directory. Boundary markers: The instructions do not define delimiters or provide warnings to the agent to ignore potential instructions embedded within these loaded files. Capability inventory: The skill's primary capabilities are limited to text generation, narrative assessment, and communication planning; it does not appear to have file-writing or network-access capabilities. Sanitization: There is no evidence of schema validation or content sanitization for the data retrieved from the local filesystem.
Audit Metadata