paid-ads
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- Prompt Injection (LOW): The skill ingests data from .claude/product-marketing-context.md. This is an indirect prompt injection surface as the agent lacks explicit boundary markers or sanitization for this untrusted input. Evidence: (1) Ingestion point: .claude/product-marketing-context.md referenced in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Access to ad platform tools via internal integrations. (4) Sanitization: Absent.
- NO_CODE (SAFE): No executable scripts or code files are included in this skill; it is comprised entirely of markdown reference material and templates.
Audit Metadata