exec-summary
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from multiple external and internal sources. Malicious content hidden in marketing campaign names, CRM fields, or previous summaries could potentially influence the agent's behavior during synthesis.
- Ingestion points: Data from connected MCPs (Google Analytics, Google Ads, Meta Ads, HubSpot, Salesforce) and local files located in
~/.claude-marketing/brands/. - Boundary markers: None identified in the process instructions to distinguish between instructions and data.
- Capability inventory: Execution of local Python scripts, reading sensitive business metrics from the filesystem, and delivering content via external channels (Slack, Email).
- Sanitization: No explicit sanitization or validation of the ingested external data is mentioned.
- [COMMAND_EXECUTION]: The skill invokes several local Python scripts (
clv-calculator.py,roi-calculator.py,revenue-forecaster.py, andbudget-optimizer.py) to perform complex mathematical computations. While these are intended utilities, they constitute a local command execution surface.
Audit Metadata