creative-direction
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill is composed exclusively of Markdown files that define logic, workflows, and reference materials. No Python, JavaScript, Shell scripts, or binaries are included.
- [SAFE]: Analysis of the workflows revealed no malicious patterns, such as credential theft, data exfiltration, or obfuscation. The skill's functionality is limited to processing text and saving a final report via standard agent capabilities.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted external data, though no malicious behavior was detected.
- Ingestion points: In
workflows/01-gtm-intake.md, the skill intakes product data and ICP information from a file path or raw text provided in$ARGUMENTS. - Boundary markers: The workflows do not implement specific boundary markers or "ignore embedded instructions" delimiters for the ingested GTM data.
- Capability inventory: Across all workflows, the skill's capabilities are limited to reading the input data and writing the final
[product-name]-creative-direction.mdfile (Phase 5). - Sanitization: No content sanitization or validation of the input data is performed; the skill assumes the strategic input is legitimate marketing data.
Audit Metadata