email-sequence
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to access sensitive local file paths in the user's home directory.
  - Evidence: The agent is tasked with reading brand profiles, guideline manifests, and agency SOPs from the ~/.claude-marketing/ directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests data from external local files without validation.
  - Ingestion points: Data is loaded from JSON and markdown files within ~/.claude-marketing/brands/ and ~/.claude-marketing/sops/.
  - Boundary markers: There are no instructions to use delimiters or to disregard potential commands embedded within these files.
  - Capability inventory: The agent reads these files to define brand voice and compliance, directly influencing its output generation.
  - Sanitization: The process lacks steps to sanitize or validate the content of the loaded files.
Audit Metadata