data-import
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from CSV, JSON, and Google Sheets, which creates a potential surface for indirect prompt injection. Malicious instructions embedded in the source data could potentially influence the agent's behavior during field mapping or validation steps.
  - Ingestion points: Data sources provided as local files or external URLs in `SKILL.md` (Step 2).
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands within the processed data.
  - Capability inventory: The skill can read local application configuration (`~/.claude-marketing/`), execute internal scripts (`competitor-tracker.py`), and write data to external platform APIs (Step 6).
  - Sanitization: While the skill performs data format validation (e.g., email and phone formatting in Step 4), it does not implement specific sanitization to filter out natural language instructions.
- [SAFE]: The core functionality of importing data and managing brand context is implemented using standard patterns and includes the `disable-model-invocation: true` flag, which limits the execution environment's risk profile.
- [DATA_EXFILTRATION]: Access to local files is limited to the `~/.claude-marketing/` directory for application-specific context. No access to sensitive system-level credentials (e.g., SSH keys, AWS config) was detected.
- [COMMAND_EXECUTION]: The execution of `competitor-tracker.py` is part of the intended internal logic for handling competitor data segments.
- [EXTERNAL_DOWNLOADS]: Data retrieval from user-supplied URLs is a primary feature of the skill and is handled via the Google Sheets MCP or standard parsing, with no evidence of malicious remote code execution from these sources.
Audit Metadata