signup-flow-cro
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown-based instructions and metadata. No scripts (Python, JavaScript, Bash) or executable binaries are included.
- [DATA_EXPOSURE] (LOW/INFO): The skill references reading a local file
.claude/product-marketing-context.mdto gain context. This is a standard practice for project-specific AI instructions and does not involve unauthorized access or exfiltration of sensitive system data. - [INDIRECT_PROMPT_INJECTION] (INFO): While the skill ingests external content from a context file, it lacks any high-privilege capabilities such as network access, file writing, or command execution. Therefore, even if the external file contained malicious instructions, the agent has no dangerous tools to exploit, rendering the risk negligible.
Audit Metadata