product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected.
- [Data Exposure & Exfiltration] (SAFE): While the skill reads project files (README, package.json) to extract marketing context, it does not access sensitive system paths (like SSH keys or AWS credentials) or send data to external servers.
- [Remote Code Execution] (SAFE): The skill does not download or execute external scripts or packages.
- [Indirect Prompt Injection] (LOW):
- Ingestion points: The skill reads content from the local codebase including README, landing pages, marketing copy, and package.json.
- Boundary markers: None present; the skill treats content from these files as source material for the context document.
- Capability inventory: The skill has the capability to write a new file to .claude/product-marketing-context.md based on what it reads.
- Sanitization: No explicit sanitization or instruction to ignore embedded commands is present. An attacker with write access to the repository could embed malicious instructions in a README to influence the generated context document.
Audit Metadata