product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from untrusted codebase files like README and package.json to generate marketing content.
  - Ingestion points: Reads codebase files including README, landing pages, and package.json.
  - Boundary markers: No delimiters or ignore instructions are present to separate user content from system instructions.
  - Capability inventory: Performs local file reading and writes to the .claude/product-marketing-context.md file.
  - Sanitization: No validation or sanitization of the ingested file content is implemented.
- [COMMAND_EXECUTION]: The skill performs file system operations by writing the gathered marketing context to a file named .claude/product-marketing-context.md.
Audit Metadata