campaign-plan

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or security risks were detected in the skill's instructions, agent manifests, or reference frameworks.
  • [DATA_EXFILTRATION]: The skill accesses project-specific research files, such as icp-research.md, to generate campaign artifacts. This data access is aligned with the skill's primary purpose and does not target sensitive system configuration or personal identity files. There is no evidence of unauthorized network transmission of this data.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external data from research files. This is inherent to the skill's function of analyzing user-provided research.
  • Ingestion points: Reads from research/product-context.md, research/icp-research.md, and .agents/skill-artifacts/meta/sketches/prioritize-*.md.
  • Boundary markers: Explicit boundary markers for external data are absent in the prompt templates.
  • Capability inventory: The orchestrator has access to Read, Grep, Glob, Bash, and WebFetch tools.
  • Sanitization: No explicit sanitization or filtering of the ingested research data is performed before interpolation into sub-agent prompts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — campaign-plan