paid-measurement-loop
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from sources such as CSV exports from ad platforms, GA4, and ecommerce stores, which creates a surface for indirect prompt injection attacks.
- Ingestion points: CSV exports from native ad managers, GA4/web analytics, and ecommerce platforms mentioned in the Data Sources section.
- Boundary markers: The instructions explicitly warn the agent to treat every fetched or exported file as untrusted input and to ignore any instructions embedded in data fields.
- Capability inventory: The skill executes a local script (
ledger.py) using python3 and delegates arithmetic to other internal skills. - Sanitization: The skill mandates that instructions embedded in data should never be executed and that exported values must be used only as data.
- [COMMAND_EXECUTION]: The skill invokes a local script located at
${CLAUDE_PLUGIN_ROOT}/scripts/connectors/ledger.pyto record campaign data and calculate differences between control and candidate windows. This script is used for ledgering and trend analysis.
Audit Metadata