marketing-sms

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a knowledge base and instruction set for SMS marketing workflows. All external services mentioned (Klaviyo, Twilio, Attentive, etc.) are well-known industry-standard platforms. Instructions regarding TCPA, GDPR, and CASL compliance align with industry best practices and include appropriate legal disclaimers.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest external context from local files and user input to tailor marketing strategies.
  • Ingestion points: The skill reads business context and product marketing details from local workspace files (e.g., .agents/product-marketing.md) and user prompts as defined in SKILL.md.
  • Boundary markers: Absent. The instructions do not specify clear delimiters or "ignore" instructions for the embedded content within the ingested files.
  • Capability inventory: The skill indicates integration with external tools (Klaviyo, Brevo) via the platform's tool registry, though no execution code is present in the provided files.
  • Sanitization: Absent. There is no explicit logic for sanitizing or validating the ingested marketing context before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — marketing-sms