region-config
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential surface for indirect prompt injection identified. The skill aggregates data from user-provided inputs and various local files to generate persistent configurations and compliance checklists.\n
- Ingestion points: Ingests data from user-provided regional parameters (e.g., industry regulations, holiday calendars) and external files such as
~/.claude-marketing/brands/{slug}/profile.jsonand~/.claude-marketing/sops/.\n - Boundary markers: The instructions do not specify the use of delimiters or markers to isolate ingested content or prevent the execution of embedded instructions within those files.\n
- Capability inventory: The skill performs file-read operations on brand profiles and file-write operations to persistent JSON configuration files within the
~/.claude-marketing/directory.\n - Sanitization: No explicit mention of input validation, escaping, or sanitization is provided for the data ingested from external sources before it is used to generate new files and checklists.
Audit Metadata