cro-expert-kit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill instructions in SKILL.md focus purely on CRO methodologies (LIFT model, Fitts's Law) and do not contain any patterns designed to bypass AI safety filters or override system prompts.
- Data Exposure & Exfiltration (SAFE): There are no hardcoded credentials, API keys, or access to sensitive local file paths (e.g., ~/.ssh, .env). No network requests are initiated by the provided scripts.
- Obfuscation (SAFE): All files are written in clear text. No Base64, zero-width characters, or other encoding techniques are used to hide malicious intent.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not download external scripts or packages. The
scripts/conversion_calc.jsfile is a self-contained utility using only standard arithmetic and console logging. - Dynamic Execution (SAFE): No use of eval(), exec(), or other dynamic code execution functions was found. The Node.js script processes command-line arguments as static values for calculation.
- Indirect Prompt Injection (SAFE): Although intended to analyze landing page content (untrusted data), the skill provides a standard diagnostic framework and does not feature unsafe interpolation or dangerous capabilities (like file writing or network sending) that could be exploited via data poisoning.
Audit Metadata