executive-dashboard
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill reads several files from the local filesystem, specifically within the
~/.claude-marketing/directory. This includes brand profiles, guidelines, templates, and SOPs. While this data access is intended for its primary function, it represents a surface for potential data exposure if the environment contains sensitive information in these paths. - [PROMPT_INJECTION]: The skill demonstrates a vulnerability to indirect prompt injection by ingesting untrusted data from local files without security controls.
- Ingestion points: Files located at
~/.claude-marketing/brands/,~/.claude-marketing/sops/, andskills/context-engine/are loaded into the agent context in the first step of the process. - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to disregard instructions found within the imported data.
- Capability inventory: None. The skill's output is limited to design recommendations and structured dashboard plans, with no evidence of file-write, network operations, or subprocess execution in any of the scripts or instructions.
- Sanitization: Absent. There is no mention of validation or filtering for the external content before it is processed by the agent.
Audit Metadata