analytics-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious behavior, obfuscation, or insecure code execution patterns were identified. The skill is primarily documentation-based.- Indirect Prompt Injection (SAFE): The skill includes instructions to read a local project file (
.claude/product-marketing-context.md) for business context. While this is an ingestion point for external data, the skill has no dangerous capabilities (like shell execution or network requests) to exploit. Evidence: 1. Ingestion points: .claude/product-marketing-context.md (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: None detected; 4. Sanitization: Absent.- External Downloads (SAFE): References to third-party scripts (e.g., Google Analytics, Facebook Pixel) are provided as documentation examples for the user's client-side implementation and are not executed by the agent itself.
Audit Metadata