product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is to assist in document creation. It utilizes local project files (README, package.json, etc.) as source material to draft marketing context. This behavior is consistent with the stated purpose and does not involve high-risk operations such as network exfiltration or arbitrary code execution.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an ingestion surface by reading untrusted data from the codebase (README, landing pages) to auto-draft content. While this presents a theoretical surface for indirect prompt injection, the skill lacks dangerous capabilities (no network access or code execution) that would enable a successful exploit to cause harm.
- Ingestion points: SKILL.md (Workflow Step 2) specifies reading README, landing pages, and package.json.
- Boundary markers: Not present; the agent is instructed to read the files directly.
- Capability inventory: Limited to reading local files and writing the marketing document to
.agents/product-marketing-context.md. - Sanitization: No specific sanitization or filtering of the source file content is mentioned.
Audit Metadata