analytics-tracking

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOW; PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface via local file ingestion.
      • Ingestion points: The skill instructions in SKILL.md command the agent to read .claude/product-marketing-context.md if it exists.
      • Boundary markers: Absent. The agent is told to "use that context" and only ask for information not already covered.
      • Capability inventory: Based on the provided files, the agent generates implementation plans, naming conventions, and JavaScript code snippets.
      • Sanitization: Absent. If an attacker can modify the .claude/product-marketing-context.md file, they can inject instructions to influence the agent's output or recommendations.
  • EXTERNAL_DOWNLOADS (LOW): The skill documentation includes references to external script sources.
      • Evidence: references/gtm-implementation.md contains a snippet for the Facebook Pixel pointing to https://connect.facebook.net/en_US/fbevents.js.
      • Context: While these are standard industry practices for marketing analytics, they represent a dependency on external code which is presented to the user for implementation.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 15, 2026, 05:31 AM