Skills
skills/noahjs/marketingskills/analytics-tracking/Gen Agent Trust Hub

analytics-tracking

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill's primary instruction set in SKILL.md directs the agent to read .claude/product-marketing-context.md before proceeding. This allows external, unvalidated content to influence the agent's logic and the resulting tracking plans or code snippets it generates.\n
  • Ingestion points: .claude/product-marketing-context.md (referenced in the 'Initial Assessment' section of SKILL.md).\n
  • Boundary markers: Absent; the skill does not provide delimiters or warnings to ignore potential instructions within the context file.\n
  • Capability inventory: The skill generates executable JavaScript code for analytics implementation (GA4 gtag, GTM dataLayer, and Facebook Pixel) and designs strategic measurement plans.\n
  • Sanitization: Absent; the agent is instructed to use the file context directly to inform its behavior without any validation or filtering steps.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 19, 2026, 03:45 AM