roi-calculator
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts to calculate ROI and track campaigns. Evidence includes the execution of 'python campaign-tracker.py' and 'scripts/roi-calculator.py' with interpolated variables like {slug}.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through data it processes at runtime.
  - Ingestion points: User-provided campaign metrics and brand profile files at '~/.claude-marketing/brands/{slug}/profile.json'.
  - Boundary markers: Absent; no delimiters or ignore-instruction warnings are used to separate untrusted content.
  - Capability inventory: Execution of Python subprocesses and writing data back to the campaign tracker.
  - Sanitization: Not specified for input data or the variables interpolated into command-line arguments.
Audit Metadata