page-cro
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to ingest and analyze marketing page content which may contain untrusted instructions. While the skill has no dangerous capabilities (like code execution), it lacks boundary markers to prevent the agent from following instructions embedded in the analyzed data.\n
- Ingestion points: Marketing page content provided by the user in SKILL.md.\n
- Boundary markers: Absent; no instructions provided to ignore or delimit embedded text.\n
- Capability inventory: The skill only generates text-based recommendations and copy alternatives.\n
- Sanitization: Absent.\n- [DATA_EXPOSURE] (SAFE): The skill references
.claude/product-marketing-context.md. Accessing localized project context files is a standard operation for context-aware agents and does not target sensitive system credentials or configuration files.
Audit Metadata