retention-engagement
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security risks were identified in the skill files.
- The skill is entirely composed of Markdown documentation, workflows, and templates for business analysis.
- There are no scripts, binaries, or commands that execute code or perform network requests.
- The instructions explicitly state: "Do not request secrets or PII; prefer aggregated metrics and redacted funnels" in SKILL.md and references/CHECKLISTS.md.
- Indirect Prompt Injection (LOW): The skill processes user-provided product data to generate reports.
- Ingestion points: Product details, segments, and metrics provided in the user prompt as defined in SKILL.md (Inputs section) and references/INTAKE.md.
- Boundary markers: No explicit delimiters are used for prompt interpolation, though inputs are mapped to specific Markdown template fields.
- Capability inventory: The skill only generates text/Markdown output. It possesses no capabilities for subprocess execution, file-system modification, or network communication.
- Sanitization: No specific sanitization logic is present for user inputs, but the lack of executable capabilities renders this surface non-exploitable.
Audit Metadata