creative-testing-framework
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive business information and brand profiles from the local file system.
- Evidence: Step 1 reads configuration and profile data from ~/.claude-marketing/brands/_active-brand.json and ~/.claude-marketing/brands/{slug}/profile.json.
- Evidence: Accesses sensitive agency SOPs located at ~/.claude-marketing/sops/.
- Evidence: Dynamically computes paths to load guidelines and templates based on brand slugs, which could lead to directory traversal if the slug is untrusted.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection via ingested local files.
- Ingestion points: Ingests data from profile.json, _manifest.json, templates, and agency SOPs in SKILL.md (Step 1).
- Boundary markers: Absent. The instructions do not define delimiters or explicit instructions to ignore embedded commands within the ingested brand files.
- Capability inventory: The skill generates ad testing plans, budget allocations, and creative briefs. It does not perform shell commands or network requests.
- Sanitization: Absent. Content from ingested marketing files is directly interpolated into the creative testing strategy logic.
Audit Metadata