onboarding-cro
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill is entirely composed of documentation and instructional templates in Markdown format. There are no scripts, binaries, or command executions provided within the skill files.
- [DATA_EXPOSURE] (SAFE): The skill references a local file path (
.claude/product-marketing-context.md) to acquire context for its consulting tasks. This is standard behavior for personalized AI interactions and does not target sensitive system files or credentials. - [INDIRECT_PROMPT_INJECTION] (SAFE):
- Ingestion points: Reads
.claude/product-marketing-context.mdto tailor onboarding recommendations. - Boundary markers: Not explicitly defined in the prompt text.
- Capability inventory: None; the skill lacks any capabilities to execute code, write to the filesystem, or communicate over the network.
- Sanitization: None; however, because the skill has no executable capabilities, the potential impact of malicious instructions within the context file is limited to the generation of biased or incorrect text advice, posing no technical risk to the system.
Audit Metadata