gtm
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [Prompt Injection] (SAFE): No instructions found that attempt to override agent behavior or bypass safety filters. The language is purely instructional and focused on GTM configuration.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths detected. Measurement IDs use non-sensitive placeholders (e.g., 'G-XXXXXXXXXX'). Network references are limited to official Google documentation and tools.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not perform any package installations or download remote scripts for execution. It is entirely documentation-based.
- [Obfuscation] (SAFE): No Base64, zero-width characters, or homoglyphs were found. Content is transparent and human-readable.
- [Indirect Prompt Injection] (SAFE): This skill provides reference material for GTM implementation and does not ingest or process untrusted external data into the agent's logic.
- [No Code] (INFO): The skill contains only Markdown text and configuration examples. No executable scripts (.py, .js, .sh) are included in the provided file.
Audit Metadata