launch-marketing
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of Markdown instructions, templates, and reference guides. There are no scripts (.py, .js, .sh), configuration files for package managers (package.json, requirements.txt), or executable binaries included in the skill pack.
- PROMPT_INJECTION (SAFE): The skill includes robust 'When NOT to use' sections and boundary examples in
SKILL.mdandreferences/EXAMPLES.md. These instructions explicitly direct the agent to refuse requests for fabricating claims, testimonials, or metrics, and to never perform external outreach (sending emails/posting) without explicit user approval. No malicious override patterns were detected. - DATA_EXFILTRATION (SAFE): No network operations (curl, wget, fetch) or sensitive file path access patterns were found. The skill operates solely by processing user-provided text to generate marketing artifacts within the chat context.
- INDIRECT_PROMPT_INJECTION (LOW):
- Ingestion points: The skill ingests untrusted user data such as product descriptions and target audience details defined in
SKILL.md. - Boundary markers: While it lacks specific technical delimiters for input interpolation, it relies on structured templates in
references/TEMPLATES.mdto organize data. - Capability inventory: The skill has no capabilities beyond text generation; it cannot write files, execute code, or make network requests.
- Sanitization: The skill includes a 'Truthfulness' rubric in
references/RUBRIC.mdto ensure generated content is substantiated. - OBFUSCATION (SAFE): Analysis of the Markdown files found no hidden characters, Base64 encoding, homoglyphs, or zero-width spaces meant to hide malicious instructions.
Audit Metadata