schema-markup
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local project data to enhance its context. Specifically, it instructs the agent to read the
.claude/product-marketing-context.mdfile if it exists. This is a localized read operation for context gathering and does not involve access to sensitive system paths or external exfiltration.\n- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection. It ingests data from local context files and user-provided schema markup without explicit boundary markers or sanitization logic. This could allow maliciously crafted input to influence the agent's generated code or implementation advice. Evidence Chain: 1. Ingestion points: .claude/product-marketing-context.md and user-provided existing schema; 2. Boundary markers: Absent; 3. Capability inventory: Generates JSON-LD code blocks and implementation strategies; 4. Sanitization: Absent.\n- [EXTERNAL_DOWNLOADS]: The skill provides links to trusted and well-known validation services, including Google's Rich Results Test and the official Schema.org Validator. These references are informative and point to industry-standard tools for verifying structured data integrity.
Audit Metadata