focus-group
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script named `audience-simulator.py` with various subcommands (`load-panel`, `create-panel`) to manage synthetic audience panels. Although this script is part of the skill's operational logic, it represents an external execution dependency.
- [DATA_EXFILTRATION]: The skill accesses sensitive information including brand profiles, customer behavioral patterns, and purchase history distributions from the CRM for persona grounding. It reads files from the `~/.claude-marketing/` directory, which contains sensitive business context.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data ("Stimulus to test") and external CRM records, which are then processed by the agent to generate predicted responses.
  - Ingestion points: User-provided stimulus and questions in `SKILL.md`.
  - Boundary markers: None identified to separate the stimulus text from the agent's instructions.
  - Capability inventory: Executes local shell commands (`audience-simulator.py`) and accesses the local filesystem (`~/.claude-marketing/`).
  - Sanitization: There is no evidence of input validation or sanitization for the stimulus material before it is used in persona generation.
Audit Metadata