gtm-analytics-audit
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a static analysis engine, parsing JSX, TSX, and Vue files to extract structural information about clickable elements. It does not execute the code it parses.
- [DATA_EXPOSURE]: While the skill reads project files, it targets standard component directories and does not attempt to access sensitive system files or credentials.
- [PROMPT_INJECTION]: The skill possesses a data ingestion surface (app/, components/, pages/, src/) without explicit boundary markers or sanitization. However, the capability inventory is restricted to local file reading and writing (audit-report.json), with no network operations or command execution, rendering the indirect prompt injection risk negligible.
Audit Metadata