onboarding-cro
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: No security issues were detected in the provided files. The skill focuses on providing conceptual frameworks and task instructions for the AI agent.
- [PROMPT_INJECTION]: The skill uses role-playing instructions to define the agent's expertise in user onboarding. No attempts to bypass safety guardrails or extract system prompts were found.
- [DATA_EXFILTRATION]: The skill references a local file .claude/product-marketing-context.md to acquire business context. This is a standard practice for context-aware agents and does not involve exfiltration of sensitive information.
- [NO_CODE]: The skill does not contain any executable scripts, minimizing the risk of remote code execution or unauthorized system modifications.
- [PROMPT_INJECTION]: The skill defines a surface for processing external context data which could potentially be manipulated by an attacker.
  1. Ingestion points: .claude/product-marketing-context.md (referenced in SKILL.md).
  2. Boundary markers: Not present.
  3. Capability inventory: No executable scripts or tools are included in this skill.
  4. Sanitization: No explicit sanitization or validation of the context file is defined.