performance-check
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers the execution of local Python scripts to handle data persistence and insight logging.\n
- Evidence: The skill instructs the agent to run
scripts/performance-monitor.pyandscripts/campaign-tracker.py.\n- [PROMPT_INJECTION]: There is a potential for indirect prompt injection due to the ingestion of untrusted data from external sources.\n - Ingestion points: Data is pulled from various external analytics providers like Google Analytics, Meta Marketing, and others via MCP connections (Step 3).\n
- Boundary markers: The instructions do not specify any markers or delimiters to isolate the data retrieved from external platforms from the skill's logic.\n
- Capability inventory: The skill can execute local scripts and perform file operations in the
~/.claude-marketing/directory.\n - Sanitization: No data sanitization or validation steps are defined for the incoming metrics and reports from external platforms.
Audit Metadata