Skills
skills/soborbo/claudeskills/zero-cost-tracking/Gen Agent Trust Hub

zero-cost-tracking

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the @leadgen/conversion-tracking npm package. This package is not hosted on a trusted repository or organization as defined in the security policy.
  • DATA_EXFILTRATION (LOW): The skill captures PII including email addresses and phone numbers from user forms and transmits them to external analytics platforms. This behavior is consistent with the skill's primary purpose.
  • PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface by processing untrusted data from user forms. 1. Ingestion points: HTML form data in handleSubmit snippet. 2. Boundary markers: No delimiters or ignore instructions present. 3. Capability inventory: Includes network fetch calls to /api/lead. 4. Sanitization: No explicit data sanitization is shown in the provided code snippets.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 11:44 PM