referral-viral-loops
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's content is primarily educational and instructional, focusing on marketing growth mechanics without introducing dangerous operations.
- [INDIRECT_PROMPT_INJECTION]: The skill involves processing user-provided data in the form of referral codes. These represent an ingestion point for untrusted data into the application logic. The provided TypeScript examples include basic sanitization using regex to strip non-alphabetic characters during code generation, reducing the risk of injection into database queries or subsequent agent prompts. Capability inventory includes database writes and reward fulfillment based on these inputs.
- [DATA_EXPOSURE]: Analysis confirms the absence of hardcoded credentials, API keys, or sensitive file paths. All URLs provided are for well-known e-commerce services or use generic placeholders.
Audit Metadata