popup-generator
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No prompt injection patterns were detected. The instructions are benign and focused on UI/UX design guidance.- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill mentions reading local project context files such as ".claude/product-marketing-context.md". This is a standard practice for IDE-integrated AI agents to understand project goals and does not constitute unauthorized data access or exfiltration. No network requests or sensitive file access (e.g., SSH keys) were found.- [INDIRECT_PROMPT_INJECTION]: The skill has a data ingestion surface as it reads marketing context files. However, it lacks any dangerous capabilities (subprocess execution, network access, or file-writing) that could be exploited by malicious content within those files.
- Ingestion points: ".claude/product-marketing-context.md", ".cursor/product-marketing-context.md"
- Boundary markers: Absent
- Capability inventory: None detected
- Sanitization: Absent
Audit Metadata