send-sms
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts, specifically brand-voice-scorer.py, approval-manager.py, and execution-tracker.py, to perform content analysis and manage the delivery workflow.
- [DATA_EXFILTRATION]: The skill accesses sensitive information within the ~/.claude-marketing/ directory, including brand profiles and audience data containing recipient contact information.
- [EXTERNAL_DOWNLOADS]: The skill communicates with well-known messaging platforms Twilio and Brevo through a Model Context Protocol (MCP) to send messages and track delivery status.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted message content and recipient data from CSV files.
  - Ingestion points: Processes user-provided message bodies and external CSV files for bulk messaging.
  - Boundary markers: The skill does not implement explicit delimiters or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: The agent can read local files, execute Python subprocesses, and initiate network transmissions via third-party APIs.
  - Sanitization: Content validation is restricted to regulatory compliance and formatting, lacking specific sanitization for potential malicious instructions.
Audit Metadata