analytics-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTION
Full Analysis
- Prompt Injection (SAFE): No markers found for bypassing safety guidelines or overriding instructions.
- Data Exposure & Exfiltration (SAFE): No sensitive data access or exfiltration patterns identified.
- Obfuscation (SAFE): No use of encoding or hidden characters to mask intent.
- Unverifiable Dependencies & RCE (SAFE): No external downloads or remote code execution in the agent environment.
- Privilege Escalation (SAFE): No usage of sudo or administrative commands.
- Persistence Mechanisms (SAFE): No modification of startup scripts or cron jobs.
- Metadata Poisoning (SAFE): No malicious instructions hidden in headers or metadata.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from '.claude/product-marketing-context.md' (Ingestion: local file; Boundary: absent; Capability: instructional output; Sanitization: absent). Severity is LOW as it only influences the agent's reasoning.
- Time-Delayed / Conditional Attacks (SAFE): No conditional logic identified.
- Dynamic Execution (SAFE): No runtime code generation or unsafe data loading.
Audit Metadata