retention-engagement
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- No Code (SAFE): The skill is composed entirely of Markdown templates and instructions. No executable scripts, binaries, or configuration files for code environments (such as requirements.txt or package.json) are present.
- Data Exposure & Exfiltration (SAFE): No sensitive file access or network activity was detected. The skill explicitly warns against requesting PII or credentials in INTAKE.md and SKILL.md.
- Indirect Prompt Injection (SAFE): While the skill processes user-supplied data such as product metrics and goals, it lacks the technical capabilities (shell access, network calls, or file writes) to execute malicious payloads or exfiltrate data. Ingestion points: Product descriptions and metrics provided by the user in response to INTAKE.md; Boundary markers: None (standard Markdown structure); Capability inventory: Purely text-based output generation; Sanitization: None.
- Metadata Poisoning (SAFE): The metadata in skillpack.json and the YAML frontmatter in SKILL.md are descriptive and contain no executable instructions or deceptive content.
Audit Metadata