analytics-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): A comprehensive review of the skill across all 10 threat categories revealed no malicious patterns or safety violations.
- [NO_CODE] (SAFE): The skill is purely documentation-based and does not execute scripts, commands, or binary files. JavaScript snippets in the reference files are provided for the user to implement manually in their own environments.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, secrets, or attempts to access sensitive system files (such as SSH keys or AWS credentials) were detected.
- [Indirect Prompt Injection] (SAFE): The skill identifies a potential injection surface by reading external context data. (1) Ingestion points: .claude/product-marketing-context.md (referenced in SKILL.md). (2) Boundary markers: Absent. (3) Capability inventory: No subprocess calls, exec/eval calls, file-write operations, or network operations found across any scripts. (4) Sanitization: Absent. Since the skill has no executable capabilities, the potential for indirect prompt injection to trigger malicious actions is negligible.
Audit Metadata