referral-program
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): The skill is composed entirely of informational Markdown documents and does not include any scripts or executable files.
- [Prompt Injection] (SAFE): No malicious override instructions or safety bypass attempts were detected in the skill content.
- [Data Exposure & Exfiltration] (SAFE): No credentials, sensitive system paths, or network exfiltration patterns were identified.
- [Indirect Prompt Injection] (SAFE): The skill suggests reading user-provided marketing context from '.claude/product-marketing-context.md', which constitutes a potential ingestion point for untrusted data. However, as the skill possesses no functional capabilities like command execution, file writing, or network access, the risk is negligible. Evidence Chain: 1. Ingestion points: .claude/product-marketing-context.md (referenced in SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: None (Advisory skill only); 4. Sanitization: Absent
Audit Metadata