brand-setup
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
python3 scripts/setup.pyto perform profile creation, listing, and switching operations. This script is part of the local skill package and is used for intended functionality. - [DATA_EXPOSURE]: The skill reads and writes brand profile data to the user's home directory within
~/.claude-marketing/brands/. This access is restricted to the skill's own configuration and data subdirectories. - [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted user-provided content, such as brand mission statements, voice samples, and competitor descriptions.
- Ingestion points: User responses during interactive setup phases defined in
SKILL.md. - Boundary markers: Absent; there are no specific instructions for the agent to use delimiters or ignore instructions within the ingested user content.
- Capability inventory: The skill has the ability to execute a local Python script (
scripts/setup.py) and perform file system write operations. - Sanitization: No specific validation or sanitization of the user-provided text or URLs is mentioned in the instructions.
Audit Metadata