launch-plan
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily functions as a template and procedural guide for creating marketing plans. While it accesses local files to load brand context, these paths (e.g.,
~/.claude-marketing/) appear to be standard application-specific storage locations for user-provided marketing data. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface area by ingesting untrusted data from local JSON and Markdown files (brand profiles, guidelines, and SOPs).
- Ingestion points: Files located in
~/.claude-marketing/brands/and~/.claude-marketing/sops/. - Boundary markers: None identified; instructions do not explicitly wrap these inputs in delimiters.
- Capability inventory: No dangerous capabilities (such as subprocess execution, network requests, or file writes) are defined or used by this skill.
- Sanitization: No validation or sanitization of the file content is performed before processing. However, given the lack of executable capabilities, the risk is limited to content manipulation in the final output.
Audit Metadata