social-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection by processing external data from local brand configuration files.
- Ingestion points: Reads from
~/.claude-marketing/brands/_active-brand.json,~/.claude-marketing/brands/{slug}/profile.json, and~/.claude-marketing/brands/{slug}/guidelines/_manifest.json. - Boundary markers: No explicit markers or instructions are provided to the agent to treat this ingested content as untrusted data or to ignore embedded commands.
- Capability inventory: The skill is restricted to generating text-based strategies and plans. No command execution, file system modification, or network access capabilities were identified in the process instructions.
- Sanitization: There is no evidence of input validation, sanitization, or escaping of the content read from the brand JSON files.
Audit Metadata