scorecard-marketing
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): The skill is composed entirely of informational markdown files; no executable scripts, binaries, or configuration files are present.
- [Data Exposure] (SAFE): No hardcoded secrets, credentials, or sensitive file paths were detected. The discussion of lead data capture is aligned with the skill's marketing purpose.
- [Prompt Injection] (SAFE): No patterns of prompt injection or instructions to bypass safety guidelines were found.
- [Indirect Prompt Injection] (SAFE): The skill defines a surface for ingesting user data via questionnaires. While this is an attack surface, the files are static documentation and contain no processing logic. Findings: (1) Ingestion points: quiz answers and lead forms; (2) Boundary markers: absent; (3) Capability inventory: mentions of CRM triggers and email flows; (4) Sanitization: not mentioned in reference files.
Audit Metadata