paid-ads
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of instructional markdown files and does not contain any executable scripts, binaries, or automated installation logic.
- [SAFE]: A thorough review of all files revealed no signs of obfuscation, hardcoded credentials, suspicious network operations, or attempts at persistence.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by reading project context from the file .claude/product-marketing-context.md. (1) Ingestion points: .claude/product-marketing-context.md. (2) Boundary markers: None explicitly defined in the instructions. (3) Capability inventory: Interaction with advertising platform MCP tools. (4) Sanitization: None specified for the ingested context file. This surface is evaluated as safe as it is a standard mechanism for project-specific customization and lacks malicious directives.
Audit Metadata