utm-link-generator
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the Read, Write, and Bash tools for the legitimate purpose of managing a local tracking registry (utm-registry.json). These capabilities are restricted to specific application data and aligned with the skill's primary function.
- [SAFE]: Potential indirect prompt injection surfaces, such as user-supplied URLs and campaign parameters, are effectively mitigated by comprehensive sanitization logic. The skill requires the agent to normalize all inputs to lowercase, strip non-alphanumeric characters, and enforce a 50-character maximum per parameter.
- [SAFE]: No external network dependencies, remote code execution, or sensitive file access patterns were detected. All logic is self-contained and follows best practices for input validation and local state management.
Audit Metadata