referral-program
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructions direct the agent to ingest content from local files (
.agents/product-marketing-context.mdor.claude/product-marketing-context.md) to gather project-specific context. This ingestion creates a surface for indirect prompt injection where an attacker who can modify these local files could influence the agent's behavior. - Ingestion points: The skill specifically reads local context files in the project directory as described in SKILL.md.
- Boundary markers: Absent; the skill does not specify any delimiters or instructions to ignore embedded commands within the ingested context.
- Capability inventory: No code execution (subprocess, eval, exec), file writing, or network capabilities are present in the provided files.
- Sanitization: Absent; the instructions do not include steps for validation, escaping, or filtering of the ingested data.
Audit Metadata