attribution-model
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting configuration and context from external files.
- Ingestion points: Files include _active-brand.json, profile.json, and _manifest.json located in the ~/.claude-marketing/ directory, as well as compliance-rules.md.
- Boundary markers: No delimiters or instructions are provided to distinguish between the skill's core instructions and the data loaded from external files.
- Capability inventory: The skill is limited to analysis and reporting; it does not utilize tools for network communication, arbitrary code execution, or unauthorized file system modification.
- Sanitization: There are no mechanisms described to validate or sanitize the input from the external context files before they are processed by the agent.
Audit Metadata