video-script

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it loads and processes untrusted data from multiple local files to define its operating context and constraints.
      • Ingestion points: The skill reads brand profiles (profile.json), guidelines (_manifest.json), templates, and agency SOPs from the ~/.claude-marketing/ directory (referenced in SKILL.md).
      • Boundary markers: No explicit boundary markers or delimiters are defined to separate brand data from system instructions, nor are there warnings to the agent to ignore embedded instructions within these files.
      • Capability inventory: The agent has the capability to read local files and generate narrative content based on the data retrieved (referenced in SKILL.md).
      • Sanitization: There is no evidence of sanitization, validation, or structural checking of the content loaded from the external brand and SOP files before it is integrated into the agent's prompt context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 31, 2026, 07:44 AM