referral-program
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill consists exclusively of documentation and instructional markdown files. No executable scripts (.py, .js, .sh) or configuration files for code execution are present.
- Prompt Injection (SAFE): The instructions focus on marketing expertise and do not contain patterns typical of prompt injection attacks, such as requests to ignore prior instructions or bypass safety filters.
- Data Exposure (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill's reference to a local marketing context file (.claude/product-marketing-context.md) is a standard practice for personalizing agent responses and does not involve exfiltration.
- Indirect Prompt Injection (SAFE): Although the skill identifies an ingestion surface for untrusted data, the risk is negligible as it lacks any executable capabilities. 1. Ingestion points: .claude/product-marketing-context.md (referenced in SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: None (no subprocess calls, network operations, or file-write capabilities). 4. Sanitization: Absent.
Audit Metadata