growth-embedded
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses standard instructional language for Claude. No override markers, role-play injections, or attempts to extract system prompts were detected.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths (e.g., .ssh, .aws) or hardcoded credentials are present. The code snippets provided are generic templates for analytics tracking and do not include network-sending functions like curl or fetch to external domains.
- Obfuscation (SAFE): All content is in clear text. No Base64 encoding, zero-width characters, or homoglyphs were found.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include any package manager files (requirements.txt, package.json) and does not perform any remote script execution (curl | bash).
- Privilege Escalation (SAFE): No commands related to privilege escalation (sudo, chmod, etc.) are present.
- Persistence Mechanisms (SAFE): The skill does not attempt to modify shell profiles, crontabs, or system services.
- Indirect Prompt Injection (SAFE): While the skill provides templates for processing user data (e.g., referral codes), it does not provide any scripts or tools that would execute this data, thus presenting no active vulnerability surface within the agent's environment.
Audit Metadata