review-response

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill accesses brand-specific context and guidelines from a dedicated local directory (~/.claude-marketing/). These operations are restricted to the application's data structure and do not target sensitive system files or credentials.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted "Review text" from external platforms. Maliciously crafted reviews could contain instructions aimed at bypassing brand guidelines or altering the agent's behavior.
    • Ingestion points: Review text input field (SKILL.md).
    • Boundary markers: None identified.
    • Capability inventory: Local file reads for brand configuration and guidelines; no network or command execution capabilities.
    • Sanitization: None identified.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 01:35 AM