paid-ads
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): The skill utilizes standard persona instructions to define its role as a performance marketer. There are no patterns indicating attempts to bypass safety guardrails or extract system prompts.
- Data Exposure & Exfiltration (SAFE): No credentials, secrets, or sensitive file paths are present. The skill references a local context file for marketing data, which is standard behavior.
- Remote Code Execution (SAFE): The skill does not contain any executable code, scripts, or remote download commands.
- Obfuscation (SAFE): All content is provided in plain Markdown with no evidence of encoding, hidden characters, or homoglyphs.
- Indirect Prompt Injection (SAFE): While the skill processes user-provided campaign goals and local marketing context, it lacks the technical capabilities (e.g., shell access, file-writing, or network requests) within its own files to facilitate an exploit. Ingestion points: .claude/product-marketing-context.md and user inputs. Boundary markers: Absent. Capability inventory: None. Sanitization: Absent.
Audit Metadata