client-report
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
campaign-tracker.py,execution-tracker.py, andreport-generator.py) to aggregate performance metrics and format the final report outputs. - [DATA_EXPOSURE]: The skill accesses local data stored in
~/.claude-marketing/brands/and~/.claude-marketing/sops/. This involves reading brand profiles, compliance rules, and agency guidelines to contextualize the reports. - [DATA_EXFILTRATION]: The skill includes functionality to send data to external channels (Slack, Email, Google Sheets) via MCP integrations. This risk is mitigated by a mandatory human-in-the-loop approval step defined in the process.
- [PROMPT_INJECTION]: As the skill ingests data from external MCP servers and local brand files (Category 8), it possesses an attack surface for indirect prompt injection. The skill includes instructions to apply compliance rules and professional tone which provides some structural boundaries, but lacks explicit sanitization of input metrics.
Audit Metadata