recall

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local script, intelligence-graph.py, passing user-supplied context dimensions as arguments in order to query the marketing intelligence graph.
  • [DATA_EXPOSURE]: The skill reads data from hidden local directories at ~/.claude-marketing/brands/ and ~/.claude-marketing/sops/ to contextualize queries and retrieve brand-specific information.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests 'marketing learnings' from an intelligence graph and synthesizes them into an actionable playbook for the user. If the data within the graph contains malicious instructions, the agent may follow them.
    • Ingestion points: Data is ingested from ~/.claude-marketing/ files and the output of the intelligence-graph.py script.
    • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore any natural language instructions found within the retrieved data.
    • Capability inventory: The skill possesses the ability to read from the local file system and execute shell commands (intelligence-graph.py).
    • Sanitization: There is no mention of sanitizing or validating the content retrieved from the intelligence graph before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:41 AM