email-sequence
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local files located within the hidden
~/.claude-marketing/directory to retrieve brand profiles, active brand status, and configuration settings. While no network exfiltration is explicitly performed, reading from hidden application-specific folders represents a data exposure surface. - Evidence:
SKILL.mdcontains instructions to read~/.claude-marketing/brands/_active-brand.jsonand dynamically constructed paths such as~/.claude-marketing/brands/{slug}/profile.jsonand~/.claude-marketing/sops/. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests content from external local files (profiles, compliance rules, and standard operating procedures) and applies them to its logic without specified boundary markers or sanitization.
- Ingestion points: Data is loaded from
~/.claude-marketing/brands/,skills/context-engine/compliance-rules.md, and~/.claude-marketing/sops/. - Boundary markers: No delimiters or instructions to ignore embedded commands in the loaded files are present.
- Capability inventory: The skill instructions focus on file-read operations to establish context; no network requests or subprocess executions are defined in the provided file.
- Sanitization: There is no evidence of validation or sanitization for the ingested brand profile or SOP data.
Audit Metadata