product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override system prompts were found. The use of 'Important' refers to data collection best practices.
- Data Exposure & Exfiltration (SAFE): While the skill reads project files (README, package.json), this is consistent with its stated purpose of auto-drafting marketing context. There are no network operations or attempts to exfiltrate data to external domains.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not install third-party packages or execute remote scripts. It relies purely on text processing and local file I/O.
- Obfuscation (SAFE): No encoded strings, hidden characters, or homoglyphs were detected in the instructions or metadata.
- Indirect Prompt Injection (LOW): The skill reads untrusted data from the codebase (e.g., README, marketing copy) to generate a draft. While an attacker could theoretically place instructions in these files to influence the generated marketing document, the skill lacks dangerous capabilities like code execution or network access, making the risk negligible. This is an inherent surface for any file-reading skill.
- Persistence and Privilege Escalation (SAFE): The skill does not attempt to modify system configurations, shell profiles, or acquire elevated permissions.
Audit Metadata