review-response
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted review text which creates an indirect prompt injection surface. 1. Ingestion points: 'Review text' input defined in SKILL.md. 2. Boundary markers: Absent; no delimiters are used to isolate untrusted content. 3. Capability inventory: No executable scripts, network operations, or subprocess calls are present in the skill files. 4. Sanitization: Absent; no validation or filtering of input text is performed.
- [DATA_EXFILTRATION]: The skill instructions direct the agent to read local configuration and profile data. Evidence: Accesses files in ~/.claude-marketing/brands/ and ~/.claude-marketing/sops/. These are identified as vendor-specific resources for the 'indranilbanerjee' toolset.
Audit Metadata