gtm-diff
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses local files 'gtm-token.json' and 'gtm-config.json' to retrieve sensitive API tokens and configuration settings for Google Tag Manager access.
- [COMMAND_EXECUTION]: Employs Javascript snippets within the skill workflow to dynamically execute calls to the Google Tag Manager API for workspace and resource enumeration.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection from processed data.
- Ingestion points: 'gtm-context.md', 'gtm-implementation-log.json', and GTM API response data for tags, triggers, and variables.
- Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the ingested data.
- Capability inventory: Reading local files and performing authenticated network requests to well-known service APIs (Google).
- Sanitization: No escaping or validation is implemented for data fetched from GTM or local files before processing.
Audit Metadata