product-marketing-context

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from the repository files during the 'Auto-draft' workflow without explicit boundary markers or instructions to ignore embedded commands.
    • Ingestion points: Step 2 (Gather Information) reads the codebase including README, landing pages, marketing copy, and package.json.
    • Boundary markers: Absent; the skill does not instruct the agent to distinguish between data and instructions within the retrieved files.
    • Capability inventory: File-read (various repository files) and File-write (.claude/product-marketing-context.md).
    • Sanitization: Absent; content is summarized and written to a persistent file without escaping or validation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:48 PM