product-marketing-context
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): Indirect Prompt Injection vulnerability via codebase ingestion.
  - Ingestion points: The skill reads files including README, landing pages, marketing copy, and package.json from the repository.
  - Boundary markers: Absent; there are no instructions to ignore embedded commands or use specific delimiters when reading external content.
  - Capability inventory: The skill has file-read access to the codebase and file-write access to the .claude/ directory.
  - Sanitization: Absent; the skill does not validate or sanitize ingested file content before drafting the marketing document.
  - Risk: An attacker who can modify repository files (e.g., via a Pull Request) could include malicious instructions that the agent follows during the drafting process or embeds in the .claude/product-marketing-context.md file, poisoning the context used by other skills.
Recommendations
- AI detected serious security threats