popup-cro
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions specify reading from a local file (".claude/product-marketing-context.md") to inform its recommendations. This creates a surface for indirect prompt injection where instructions embedded in that file could influence agent behavior.
- Ingestion points: ".claude/product-marketing-context.md" (referenced in "Initial Assessment").
- Boundary markers: None provided; the agent is instructed to "read it before asking questions".
- Capability inventory: The skill is limited to providing text-based recommendations and does not possess capabilities for command execution, file system modification, or network requests.
- Sanitization: No specific sanitization or validation of the context file content is defined.
- [NO_CODE]: The skill consists entirely of markdown instructions and guidelines without any accompanying scripts or executable code, which inherently limits its ability to perform malicious system-level actions.
Audit Metadata