segment-audience
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs expected business operations for CRM and email platform management without any detectable malicious intent or harmful command execution.
- [DATA_EXFILTRATION]: The skill reads and writes to a specific directory (
~/.claude-marketing/) dedicated to the application's brand profiles and execution logs. This is standard behavior for maintaining state and configuration in a marketing automation context. - [PROMPT_INJECTION]: The skill processes data from external sources (CRM contacts, email engagement) and local JSON configuration files, representing a theoretical surface for indirect prompt injection.
- Ingestion points:
profile.json,_manifest.json, and connected CRM/Ad platform data. - Boundary markers: Not explicitly defined in the provided process logic.
- Capability inventory: Reading configuration files, writing to
segment-log.json, and interacting with CRM/Marketing APIs via secondary agents (crm-manager,email-specialist,media-buyer). - Sanitization: No explicit sanitization or validation steps for external data are described in the instructions, which is common for high-level orchestration skills.
Audit Metadata