pricing-test
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script
audience-simulator.pywith arguments derived from user input or session data (e.g.,--panel-id {id}). - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection by processing untrusted data from CRM records and user-provided descriptions. Ingestion points: CRM data and product descriptions. Boundary markers: No delimiters or instructions to ignore embedded commands are present. Capability inventory: Read access to
~/.claude-marketing/and execution of Python scripts. Sanitization: No input sanitization is performed on the data before it is processed by the simulator.
Audit Metadata