what-if

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions specify the execution of a local Python script, revenue-simulator.py, to perform scenario projections.
  • [PROMPT_INJECTION]: The skill exposes a potential surface for indirect prompt injection because it processes external data files that could contain malicious instructions.
    • Ingestion points: Reads data from ~/.claude-marketing/brands/{slug}/profile.json, ~/.claude-marketing/brands/{slug}/_manifest.json, and ~/.claude-marketing/brands/_active-brand.json.
    • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are mentioned to separate ingested data from agent instructions.
    • Capability inventory: The skill uses the marketing-scientist agent and executes a local script, revenue-simulator.py.
    • Sanitization: The instructions do not define any sanitization, validation, or escaping logic for the content of the brand files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 01:19 AM