retargeting-strategy
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local script named `campaign-tracker.py` using a 'slug' identifier as a command-line argument.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from local configuration files into the agent's context.
  - Ingestion points: Data is read from `~/.claude-marketing/brands/_active-brand.json` and `~/.claude-marketing/brands/{slug}/profile.json`.
  - Boundary markers: No delimiters or specific instructions are provided to prevent the agent from obeying instructions embedded within these files.
  - Capability inventory: The skill has the ability to execute subprocesses and read from the local filesystem.
  - Sanitization: There is no evidence of validation or sanitization for the data read from the JSON configuration files before it is used in logic or commands.