product-analytics
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill primarily contains documentation, platform-specific guides, and evaluation tasks for data analysis. No malicious code or hidden instructions were detected in any of the provided files.
- [COMMAND_EXECUTION]: The evaluation tasks (e.g., in
evals/merchandising-health-score-calculation/task.md) prompt an agent to create and run TypeScript scripts usingnpx ts-nodeto process sample JSON data. This is a standard part of the skill's instructional purpose for automating business reports. - [EXTERNAL_DOWNLOADS]: The documentation references well-known e-commerce services and apps such as Inventory Planner, Metorik, Glew.io, Hotjar, and Google Analytics. These are recognized industry-standard tools for the mentioned platforms (Shopify, WooCommerce, BigCommerce).
- [INDIRECT_PROMPT_INJECTION]: The skill defines tasks for processing external data structures (JSON and SQL event logs). While this ingestion point is a potential surface for indirect injection from untrusted data, the skill provides specific schemas and criteria that encourage structured and validated data handling.
Audit Metadata