popup-cro
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is strictly limited to CRO best practices.
- [DATA_EXFILTRATION] (SAFE): No network requests (curl, wget, fetch), hardcoded credentials, or sensitive file path access detected.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns of remote script execution or package installations (npm, pip) are present.
- [OBFUSCATION] (SAFE): Analysis for Base64, zero-width characters, and homoglyphs returned no findings.
- [COMMAND_EXECUTION] (SAFE): The file contains no shell commands, system calls, or subprocess executions.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill provides static advice and does not include logic for ingesting or processing untrusted external data at runtime.
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation. There are no scripts or executable logic blocks to evaluate for runtime vulnerabilities.
Audit Metadata