data-export
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local marketing configuration and tracking files (e.g., brand profiles, campaign trackers) and transmits them to external cloud destinations. This behavior is documented as the core intended functionality and includes an approval gate and PII redaction to manage risk.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. Ingestion points: Reads data from external MCPs (CRM, Google Analytics, Email platforms) and local JSON files (e.g.,
~/.claude-marketing/brands/{slug}/campaign-tracker.json). Boundary markers: None specified in the instructions to delimit untrusted data. Capability inventory: Writing to external databases and spreadsheets via BigQuery MCP, Google Sheets MCP, and Supabase MCP. Sanitization: Implements data normalization (Step 3), quality validation (Step 5), and PII redaction (Step 9) before export.
Audit Metadata