gtm-strategy
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute filesystem search tools, specifically Glob and Grep, to locate component files and identify tracking-related code patterns (e.g., classes, IDs, and window.dataLayer.push calls). This behavior is part of the core functionality to automate element discovery.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from the user's source code files during its proactive scanning phase.
- Ingestion points: The agent reads contents from
package.jsonand various frontend component files located inapp/,pages/, andcomponents/directories using Glob and Grep. - Boundary markers: There are no specified delimiters or system instructions to treat the scanned file content strictly as data, leaving the agent open to following instructions embedded within code comments or string literals in the analyzed files.
- Capability inventory: The agent has the ability to read the filesystem, generate and save a JSON tracking plan (
gtm-tracking-plan.json), and is instructed to transition to other skills likegtm-setuporgtm-implementationbased on its findings. - Sanitization: The skill lacks mechanisms to sanitize or validate the content of the files it scans before incorporating that data into its strategic planning logic.
Audit Metadata