performance-report
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its data ingestion process.
  - Ingestion points: Performance data provided via CSV, raw paste, or connected platforms as defined in SKILL.md.
  - Boundary markers: The skill instructions do not specify delimiters (e.g., XML tags or triple backticks) to isolate external data from the core system prompt instructions.
  - Capability inventory: The process reads various local files, including brand profiles, compliance rules, and SOPs from ~/.claude-marketing/andskills/context-engine/.
  - Sanitization: No explicit instructions for data validation, filtering, or escaping are provided for the ingested performance data before it is analyzed.
Audit Metadata