attribution-model
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, remote code execution, or unauthorized network operations were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it ingests data from local configuration files.
  - Ingestion points: ~/.claude-marketing/brands/_active-brand.json and associated profile/guideline JSON files in SKILL.md.
  - Boundary markers: Not explicitly defined in the prompt instructions.
  - Capability inventory: Limited to text generation and strategic recommendation (no subprocess, file-write, or network operations detected).
  - Sanitization: No specific validation or escaping of the ingested JSON content is mentioned.

  The risk is considered minimal as there are no dangerous capabilities for the agent to exploit.
Audit Metadata