gtm-implementation

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability surface detected in the automated implementation workflow.
    • Ingestion points: The skill reads event definitions and parameter names from an external file named 'gtm-tracking-plan.json' (Phase 1.1).
    • Boundary markers: No delimiters or instructions are used to prevent the agent from obeying instructions embedded within the JSON data.
    • Capability inventory: The skill uses an 'Edit' tool to modify source code files (e.g., .tsx, .jsx, .vue) and interacts with the Google Tag Manager API to create or update tags, triggers, and variables.
    • Sanitization: There is no evidence that data extracted from the tracking plan is validated or escaped before it is interpolated into the codebase or API payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 12:01 PM