onboarding-cro
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No malicious instructions such as 'ignore previous instructions' or attempts to bypass safety filters were found. The skill uses standard instructional prompts to define its persona as an onboarding expert.
- [DATA_EXFILTRATION] (SAFE): The skill does not perform any network operations. While it attempts to read a local file (`.claude/product-marketing-context.md`), this is a known pattern for contextualizing agent behavior with project-specific data and does not involve accessing sensitive system files or credentials.
- [REMOTE_CODE_EXECUTION] (SAFE): No mechanisms for downloading or executing remote code were identified. There are no shell commands, curl/wget calls, or piped execution patterns.
- [COMMAND_EXECUTION] (SAFE): The skill consists entirely of Markdown documentation and does not invoke any subprocesses or system-level commands.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or secrets were found in the metadata or the reference files.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses an ingestion point via the `.claude/product-marketing-context.md` file. However, since the skill has no dangerous capabilities (no network access, no file-writing, no command execution), the risk of an indirect prompt injection causing harm is negligible. The agent simply uses the file's content to tailor its marketing advice.
Audit Metadata