client-proposal
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns such as obfuscation, persistence mechanisms, or unauthorized command execution were detected. The skill's operations are consistent with its described purpose of proposal drafting.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from local configuration files. Ingestion points: Files located at ~/.claude-marketing/brands/, ~/.claude-marketing/sops/, and skills/context-engine/compliance-rules.md. Boundary markers: None identified in the process description. Capability inventory: The skill is limited to text generation for proposals and does not invoke subprocesses or network operations. Sanitization: Content from loaded files is interpolated into the prompt without explicit sanitization or validation.
- [SAFE]: File system access is restricted to the skill's own application data directory (~/.claude-marketing/) for retrieving brand-specific assets and guidelines.
Audit Metadata