qbr-plan
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
- Ingestion points: Processes data from local brand files in
~/.claude-marketing/and user-provided inputs including campaign performance, client satisfaction signals, and competitive shifts (SKILL.md). - Boundary markers: Absent; the skill does not use delimiters or explicit isolation to separate external data from its core instructions.
- Capability inventory: Analysis and strategy generation performed via secondary agents (
analytics-analystandmarketing-strategist); no evidence of subprocess execution, file system modifications, or network operations. - Sanitization: No data validation or sanitization is performed on external inputs prior to their use in the generation process.
Audit Metadata