product-marketing-context
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to read and summarize local repository content such as README files, package.json, and marketing copy. While this presents an indirect prompt injection surface as the agent processes untrusted data, the risk is mitigated by the fact that the output is a document intended for human review and correction.
- [SAFE]: The skill's capabilities are limited to reading repository files and writing a markdown file to .claude/product-marketing-context.md. There are no network operations, subprocess executions, or attempts to access sensitive system credentials.
- [SAFE]: The skill does not use any external dependencies, remote scripts, or obfuscation techniques.
- [SAFE]: Indirect Prompt Injection Surface Analysis:
  - Ingestion points: Reads repository files including README, landing pages, and package.json (documented in SKILL.md under Step 2).
  - Boundary markers: None present; the skill treats content from files as data for summarization.
  - Capability inventory: File system read and write access to the project directory.
  - Sanitization: No explicit sanitization of input data is described.