page-cro
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): The skill uses standard instructional language to define a persona ("You are a conversion rate optimization expert"). No override or bypass markers were detected.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file paths, or network operations (curl, wget, etc.) are present. It optionally checks for a local file
.claude/product-marketing-context.mdfor context, which is a standard pattern for Claude-based skills. - REMOTE_CODE_EXECUTION (SAFE): There are no scripts, package managers, or remote download commands in the files.
- COMMAND_EXECUTION (SAFE): No shell commands or subprocess calls are present in the markdown content.
- OBFUSCATION (SAFE): Content is clear, readable markdown. No Base64, zero-width characters, or encoded strings were found.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill processes information about marketing pages, it does so as an advisor. It lacks high-privilege capabilities (like file-writing or network access) that would make it a significant target for indirect injection.
Audit Metadata