creative-health
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it ingests and processes data from external advertising platforms and local configuration files.
- Ingestion points: Ad performance metrics (CTR, CPM, engagement), creative IDs, and brand profile JSON files.
- Boundary markers: The instructions lack explicit delimiters or instructions to treat external data as untrusted.
- Capability inventory: The skill performs read operations on the local filesystem (~/.claude-marketing/) and executes a Python script.
- Sanitization: No evidence of input validation or sanitization is present in the processing logic.
- [COMMAND_EXECUTION]: The workflow involves the execution of a local Python script, creative-fatigue-predictor.py, to calculate health scores based on ingested performance data.
Audit Metadata