lead-import

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to read and process multiple files within the ~/.claude-marketing/ directory, including brand profiles, active brand configurations, and compliance rules. While these are part of the application's intended data structure, accessing hidden directories in the user's home folder is a sensitive operation.
  • [PROMPT_INJECTION]: The skill ingests data from external sources such as CSV files, JSON arrays, or arbitrary URLs provided as arguments. This creates a surface for indirect prompt injection where malicious instructions could be hidden within the processed lead data.
    • Ingestion points: Data is loaded from a user-provided [source-file or URL] or manual field entries.
    • Boundary markers: The instructions do not specify the use of clear delimiters or instructions for the agent to ignore any embedded commands within the ingested lead data.
    • Capability inventory: The skill has the capability to write data to external CRMs via MCP tools, trigger automated email sequences, and write log files to the local file system.
    • Sanitization: While the process includes validation for specific formats (email and phone), there is no mention of sanitizing text fields to prevent the execution of instructions embedded in the data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 01:18 AM