launch-asset-packager
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as an organizational manifest for marketing assets and does not exhibit any malicious patterns, obfuscation, or unauthorized data access.- [INDIRECT_PROMPT_INJECTION]: The skill identifies a potential injection surface when processing external asset lists and store exports, and it provides specific instructions for mitigation.
- Ingestion points: Reads user-provided asset inventories, store console exports, and press-kit drafts as mentioned in the instructions.
- Boundary markers: No specific delimiters are used to wrap the input data.
- Capability inventory: The skill writes manifest data to the local project memory directory but does not execute external code.
- Sanitization: Includes a clear instruction to treat all external exports as untrusted and to ignore any commands embedded within them.
Audit Metadata