product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its repository auto-drafting functionality.
- Ingestion points: In Step 2, the skill reads content from
README.md,package.json, landing pages, and various marketing documents within the repository. - Boundary markers: Absent. There are no instructions or delimiters provided to the agent to help it differentiate between data content and potential malicious instructions embedded in the codebase files.
- Capability inventory: The skill is capable of reading repository files and writing output to
.claude/product-marketing-context.md. It does not have access to system commands or external network resources. - Sanitization: Absent. Content extracted from the repository is interpreted and incorporated into the draft without any validation or filtering.
Audit Metadata