lead-gen-calculator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate framework for creating interactive calculators and lead capture forms.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Client-side state management is handled using
localStorage, which is a standard approach for maintaining user progress in multi-step forms. The skill enforces a rule that personal data (email, phone) is only collected in the final step, reducing early exposure. - [EXTERNAL_DOWNLOADS]: The skill references Google Tag Manager (
googletagmanager.com) for event tracking, which is a well-known and trusted service. No other external scripts or unauthorized downloads were found. - [PROMPT_INJECTION]: The instructions in
SKILL.mdcontain strict validation logic (using 'PASS', 'WARN', and 'FAIL' statuses) to ensure the AI agent generates a compliant and user-friendly interface. These are internal constraints and not malicious injection patterns. - [COMMAND_EXECUTION]: There is no evidence of shell command execution, subprocess spawning, or unsafe evaluation of strings as code.
Audit Metadata