budget-tracker
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's behavior is entirely consistent with its described purpose of tracking and optimizing advertising budgets.
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
ad-budget-pacer.py,budget-optimizer.py,performance-monitor.py) to perform its analysis. These scripts are part of the skill's internal logic and do not involve remote code execution. - [DATA_EXFILTRATION]: The skill accesses brand profile and budget configuration files located in the
~/.claude-marketing/directory. This access is limited to a specific application data folder required for the skill to function and does not target general system secrets or credentials. - [PROMPT_INJECTION]: The skill processes campaign-level data from external advertising platforms (Google Ads, Meta, LinkedIn, TikTok), creating an indirect prompt injection surface.
- Ingestion points: Data is retrieved from external advertising platform APIs (MCPs).
- Boundary markers: No explicit boundary markers or instructions to ignore embedded content are present in the processing workflow.
- Capability inventory: The skill has the ability to read brand profiles and execute internal Python scripts.
- Sanitization: No sanitization or validation steps for the external data are described in the provided logic.
Audit Metadata