referral-program
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): Analysis of the instructions reveals no attempts to override safety filters or extract system prompts.
- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive system paths (e.g., credentials) or perform any network-based exfiltration.
- Remote Code Execution & Dependencies (SAFE): No external scripts, packages, or remote execution patterns were found.
- Indirect Prompt Injection (SAFE): The skill includes an ingestion point for a local context file (.claude/product-marketing-context.md), but lacks any follow-on capabilities (such as shell execution, file writing, or network access) that would create a vulnerability. This is classified as an INFO-level observation.
- Obfuscation (SAFE): All content is in plain markdown with no encoded or hidden sections.
Audit Metadata