launch-strategy
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to automatically ingest data from an external file, creating an attack surface for indirect prompt injection.
- Ingestion points: The skill explicitly directs the agent to read
.claude/product-marketing-context.mdif it exists. - Boundary markers: There are no instructions provided to treat the content of this file as untrusted or to ignore embedded instructions within that file.
- Capability inventory: While this skill itself is markdown-based and does not execute code, it is designed to influence the agent's behavior and reasoning process.
- Sanitization: No sanitization or validation of the external file's content is performed before it is added to the agent's context.
Audit Metadata