what-if

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script named revenue-simulator.py to process marketing data. This script is not provided within the skill package, creating a dependency on the local environment.
  • [DATA_EXFILTRATION]: The skill accesses and reads data from hidden directories in the user home folder, specifically ~/.claude-marketing/brands/. While this data is relevant to the marketing purpose, it involves reading files from sensitive hidden locations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its data ingestion patterns.
      • Ingestion points: Brand profiles (/.claude-marketing/brands/{slug}/profile.json), guidelines (_manifest.json), and agency SOPs (/.claude-marketing/sops/) are read into the agent context.
      • Boundary markers: No delimiters or explicit instructions are used to prevent the agent from following commands embedded within these data files.
      • Capability inventory: The skill has the capability to execute system commands via revenue-simulator.py.
      • Sanitization: No validation or filtering of the ingested JSON or manifest content is performed before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 01:03 PM