recall
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python command `intelligence-graph.py query-relevant` using parameters derived from the user's query context. While this is the intended functionality for querying the intelligence graph, it relies on the presence and integrity of the local script.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes data from external files (`_active-brand.json`, `profile.json`) and the output of the intelligence graph to generate recommendations.
  - Ingestion points: Local brand profile files located in `~/.claude-marketing/brands/` and agency SOPs in `~/.claude-marketing/sops/`.
  - Boundary markers: No explicit delimiters or instructions are used to distinguish brand data from agent instructions during processing.
  - Capability inventory: The skill can execute local Python scripts (`intelligence-graph.py`) and read from the user's home directory.
  - Sanitization: There is no evidence of sanitization or validation of the retrieved brand context or graph results before they are synthesized into the final output.
Audit Metadata