referral-program
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill instructs the agent to read context from a local file
.claude/product-marketing-context.mdif it exists. While this is a data ingestion point, the skill itself lacks any tools, script execution, or network capabilities that could be exploited by malicious content within that file. It is strictly advisory in nature. - Unverifiable Dependencies (SAFE): No external packages or remote scripts are referenced or installed by this skill.
- Data Exposure (SAFE): The skill asks for business metrics (LTV, CAC, budget) to provide advice, but it does not contain code to exfiltrate this data or access sensitive system files.
Audit Metadata