paid-measurement-loop

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted external data from sources such as CSV exports from ad platforms, GA4, and ecommerce stores, which creates a surface for indirect prompt injection attacks.
  • Ingestion points: CSV exports from native ad managers, GA4/web analytics, and ecommerce platforms mentioned in the Data Sources section.
  • Boundary markers: The instructions explicitly warn the agent to treat every fetched or exported file as untrusted input and to ignore any instructions embedded in data fields.
  • Capability inventory: The skill executes a local script (ledger.py) using python3 and delegates arithmetic to other internal skills.
  • Sanitization: The skill mandates that instructions embedded in data should never be executed and that exported values must be used only as data.
  • [COMMAND_EXECUTION]: The skill invokes a local script located at ${CLAUDE_PLUGIN_ROOT}/scripts/connectors/ledger.py to record campaign data and calculate differences between control and candidate windows. This script is used for ledgering and trend analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — paid-measurement-loop