product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions were found that attempt to override AI safety guidelines or extract system prompts.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file access (like SSH keys) or network operations were detected. The skill only interacts with local project documentation.
- [Indirect Prompt Injection] (LOW): The skill has an ingestion surface as it reads local repository files (README, package.json, etc.) to auto-draft content.
- Ingestion points: Reads project files such as README, landing pages, and package.json in Step 2.
- Boundary markers: Absent; there are no specific delimiters used to separate the ingested file content from the agent's instructions.
- Capability inventory: The skill can read local project files and write to the
.claude/directory. - Sanitization: Absent; the skill does not explicitly sanitize or validate the content of the files it reads before processing them.
- [Remote Code Execution] (SAFE): No patterns of downloading or executing remote code or packages were found.
Audit Metadata