The Agent Skills Directory

[SAFE]: The skill's instructions and process steps align with its stated purpose of generating a holistic paid media plan. No malicious commands, obfuscation, or persistence mechanisms were detected.
[DATA_EXPOSURE]: The skill reads from paths like ~/.claude-marketing/brands/{slug}/profile.json to load brand context and industry specific rules. This is restricted to the application's own configuration directory and is used to provide relevant marketing strategy.
[PROMPT_INJECTION]: The skill processes external data from brand profile and guideline files. While this provides a surface for indirect prompt injection, it is a standard design pattern for context-aware agents and no exploitable capabilities (like network exfiltration or shell execution) are triggered by this data ingestion.

media-plan