product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes potentially untrusted content from the codebase (README, package.json, marketing copy) to auto-draft documentation, creating an attack surface for indirect prompt injection.
  - Ingestion points: Reads codebase files including README, landing pages, and package.json.
  - Boundary markers: Lacks explicit delimiters or instructions to ignore embedded commands within the processed files.
  - Capability inventory: Inherits the agent's capability to read repository files and write the resulting context to .claude/product-marketing-context.md.
  - Sanitization: No evidence of sanitization or content validation for the data retrieved from the codebase before it is processed by the model.
Audit Metadata