marketing-mode

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies (MEDIUM): The skill installs the package '@thesethrose/marketing-mode' via npm. The author and repository 'TheSethRose' are not recognized as trusted sources according to the security guidelines, meaning the code executed by this package cannot be automatically verified as safe.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze user-provided marketing copy and strategy. This creates an attack surface where malicious instructions could be embedded in the data processed by the 'Mark the Marketer' persona. Evidence:
      1. Ingestion points: User inputs regarding target audience and messaging (mode-prompt.md).
      2. Boundary markers: None present in the prompt instructions to isolate untrusted data.
      3. Capability inventory: No dangerous capabilities (file writes, network) identified in the local files, though the npm package behavior is unknown.
      4. Sanitization: No explicit sanitization or escaping of external content is performed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:49 PM