product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data from the repository's codebase to automatically draft a marketing context document.
  - Ingestion points: Reading codebase files (README, landing pages, package.json, etc.) in Step 2: Gather Information.
  - Boundary markers: There are no explicit instructions or delimiters provided to the agent to treat the ingested codebase content as untrusted or to ignore instructions within those files.
  - Capability inventory: The skill uses file-read and file-write capabilities but lacks network access or subprocess execution.
  - Sanitization: No validation or sanitization of the ingested content is performed before processing it into the marketing document.
- [NO_CODE]: This skill consists entirely of natural language instructions and markdown templates. It does not include any executable scripts, binaries, or automated code execution patterns.
Audit Metadata