media-plan
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from local configuration files into the agent's decision-making process.
  - Ingestion points: The skill reads various files from the ~/.claude-marketing/ directory, including brand profiles (profile.json), guidelines (_manifest.json), custom templates, and agency SOPs.
  - Boundary markers: The instructions do not define any delimiters or specific warnings to the agent to disregard potential instructions embedded within these external files.
  - Capability inventory: The skill itself does not invoke dangerous capabilities like shell command execution (subprocess), file writing, or network operations, which limits the potential impact of an injection.
  - Sanitization: There is no evidence of sanitization, validation, or filtering of the content loaded from the brand-specific directories.
Audit Metadata