designing-growth-loops
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No attempts to override system instructions or bypass safety filters were detected. The skill uses standard instructional language for its intended purpose.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were found. The skill explicitly instructs the agent in
SKILL.mdandreferences/INTAKE.mdto not request secrets (API keys, tokens) or PII from users. - Unverifiable Dependencies & Remote Code Execution (SAFE): The skill contains no code, package manifests, or remote script execution patterns. It is purely markdown-based.
- Indirect Prompt Injection (LOW): While the skill ingests user-provided data about products and metrics to generate growth plans (an attack surface), it lacks dangerous capabilities like shell execution or arbitrary network requests that could be exploited via poisoned input. The risk is consistent with standard AI-user interactions.
Audit Metadata