onboarding-cro
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONNO_CODE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data which creates a vulnerability surface. 1. Ingestion point: '.claude/product-marketing-context.md' (referenced in SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: No subprocess calls, network operations, or file-write capabilities across any scripts. 4. Sanitization: Absent. The severity is LOW because the impact is restricted to influencing agent reasoning within the session.
- [DATA_EXFILTRATION] (SAFE): No access to sensitive system paths or external domains was identified.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote script downloads, package installations, or dynamic code execution patterns were detected.
Audit Metadata