launch-retro-analyzer

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Vulnerability surface for indirect prompt injection.
  • Ingestion points: The skill ingests untrusted external data from UTM analytics exports (GA4), platform dashboard screenshots, and user-pasted comment threads.
  • Boundary markers: The instructions explicitly warn the agent to treat all exports as untrusted input per SECURITY.md and to never follow instructions embedded within those reports.
  • Capability inventory: The skill performs file read/write operations within the local 'memory/' and 'references/' directories and executes specific local connector scripts (e.g., hn.py, producthunt.py).
  • Sanitization: Employs metadata labeling for all data figures (Measured/User-provided/Estimated) and marks narrative claims with '[needs source]' to prevent the promotion of unverified external content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 09:34 AM
Security Audit — agent-trust-hub — launch-retro-analyzer