send-email-campaign
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill accesses brand profiles and SOPs stored in the ~/.claude-marketing/ directory, which is consistent with its stated purpose of managing personalized marketing workflows.
- [COMMAND_EXECUTION]: Local Python scripts such as email-subject-tester.py and spam-score-checker.py are executed to provide analytics and deliverability insights before sending.
- [PROMPT_INJECTION]: The skill processes user-supplied email content and external brand guidelines, which creates a surface for indirect prompt injection.
  - Ingestion points: Recipient list data, target segment IDs, and email body content.
  - Boundary markers: Absent from the instructions.
  - Capability inventory: Execution of local scripts and network access via email platform MCP servers.
  - Sanitization: No explicit sanitization or validation of input content is specified.