marketing-automation

This marketing-automation skill is documentation-first and is not itself executable malware. The main security concerns are operational: it expects access to local brand files and recommends invoking a local helper script (campaign-tracker.py) whose behavior is unknown. Those behaviors create plausible data-exfiltration or credential-leak paths if run without audit or if the agent/environment is overly permissive. Mitigations: audit helper scripts before execution, run any untrusted helpers in isolated environments, limit agent filesystem access to minimal allowed files, and require secure secret handling (vaults or environment variables) instead of pasting credentials into agent prompts. No direct hardcoded credentials or network backdoors are present in the provided text.