funnel-architect
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: In `SKILL.md`, the agent is instructed to run `python campaign-tracker.py --brand {slug} --action list-campaigns`. This script (`campaign-tracker.py`) is not included in the skill package, meaning the agent would be executing an external, unverifiable script from the local environment.
- [DATA_EXFILTRATION]: The skill instructions in `SKILL.md` mandate reading potentially sensitive user data from the filesystem, specifically brand profiles, compliance rules, and campaign histories located at `~/.claude-marketing/brands/{slug}/profile.json` and associated subdirectories. This represents a significant data exposure surface.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data processing workflows.
  - Ingestion points: The skill reads content from multiple external files at runtime, including `profile.json`, `_manifest.json`, `restrictions.md`, `channel-styles.md`, and `messaging.md` from the `~/.claude-marketing/` directory.
  - Boundary markers: There are no markers or system instructions to prevent the agent from following malicious instructions that might be embedded within these brand guideline files.
  - Capability inventory: The skill has the capability to execute shell commands (running the `campaign-tracker.py` script).
  - Sanitization: There is no evidence of content validation or sanitization for the data read from these external files before it is processed or used to influence agent behavior.
Audit Metadata