martech-audit
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's operations are limited to reading marketing-related configuration data from application-specific directories within the user's home path (~/.claude-marketing/), which is consistent with its stated utility.
- [PROMPT_INJECTION]: The skill ingests data from external JSON profiles and manifest files, creating a surface for indirect prompt injection.
  - Ingestion points: Loads data from brand profiles and guidelines in ~/.claude-marketing/ (SKILL.md).
  - Boundary markers: The skill does not define explicit delimiters or instructions to prevent the model from obeying instructions embedded within the loaded JSON data.
  - Capability inventory: No capabilities for network access, file writing, or shell command execution were identified in the skill instructions.
  - Sanitization: There are no documented steps for validating or escaping the content loaded from local configuration files.
Audit Metadata