campaign-orchestrator
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill reads brand profiles and guidelines from the local
~/.claude-marketing/directory to customize its marketing outputs. This data access is localized and required for the skill's primary orchestration purpose. - [COMMAND_EXECUTION]: The skill invokes a local script,
campaign-tracker.py, to retrieve campaign history. This execution is part of the documented campaign management workflow and uses context-derived parameters. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes external brand manifest data. Ingestion points include the
profile.jsonand guidelines files in the brand directory. Boundary markers are absent between ingested data and system instructions. The capability inventory includes local script execution and content generation. No specific sanitization or validation of the ingested files is documented.
Audit Metadata