roi-calculator

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes local Python scripts campaign-tracker.py and scripts/roi-calculator.py with arguments derived from user input or local configuration files.
  • [PROMPT_INJECTION]: The skill interpolates variables such as {slug} into shell commands, representing a surface for indirect prompt injection or command injection.
  • Ingestion points: User-supplied campaign names/metrics and brand profile files located in ~/.claude-marketing/.
  • Boundary markers: Absent; the skill does not use delimiters to isolate untrusted data in the process flow.
  • Capability inventory: Shell execution of Python scripts and local file system access (read/write).
  • Sanitization: Absent; there is no explicit validation or escaping described for variables interpolated into command strings.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:41 AM
Security Audit — agent-trust-hub — roi-calculator