marketing-os-starter
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the project template from the author's GitHub repository (ericosiu/marketing-os-starter).
- [COMMAND_EXECUTION]: The documentation suggests the installation of standard NPM packages for marketing tool integrations, such as @mcp/google-analytics and @mcp/hubspot.
- [PROMPT_INJECTION]: The skill is designed to ingest and process content from external sources like Reddit and G2 reviews. This creates an indirect prompt injection surface where external data could potentially influence agent behavior.
  - Ingestion points: Data entering the agent context via the 'Researcher' agent scraping public platforms like Reddit and G2 reviews (as described in the tool usage examples).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are specified in the provided framework description.
  - Capability inventory: The system performs file operations (writing memory, campaign history, and JSON files) and interacts with external services via MCP tools.
  - Sanitization: There is no mention of sanitization or validation processes for the ingested external content before it is passed to other agents in the pipeline.