retention-engagement
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWNO_CODE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is strictly instructional regarding business metrics.
- Data Exposure & Exfiltration (SAFE): No network operations (curl, wget, fetch) or access to sensitive local file paths (~/.ssh, .env) were detected. The skill does not contain hardcoded credentials.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not include any scripts, package manifests (package.json, requirements.txt), or commands to download and execute remote code.
- Indirect Prompt Injection (LOW): The skill is designed to process user-provided information about product funnels and retention. While this is a data ingestion surface, the skill lacks the capabilities (file-write, network-send, or subprocess-exec) required to weaponize an injection attack. It serves as a reasoning-only resource.
- Metadata Poisoning (SAFE): The metadata fields (name, description) accurately reflect the content and purpose of the skill without deceptive instructions.
Audit Metadata