gtm-reporting
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No security threats or malicious patterns were identified. The skill's functionality is limited to reading local project metadata and generating static documentation files.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads untrusted data from files like gtm-tracking-plan.json and gtm-implementation-log.json to populate its templates. This is considered safe as the skill lacks any capabilities to execute code or access the network, meaning any instructions embedded in those files cannot be leveraged for malicious purposes. Ingestion points: gtm-tracking-plan.json, gtm-implementation-log.json, gtm-test-results.json. Boundary markers: None. Capability inventory: Creation of static markdown documentation files. Sanitization: Not explicitly implemented.
Audit Metadata