analytics-tracking-automation
Warn
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct users to clone and install code from a remote GitHub repository (`github.com/jtrackingai/analytics-tracking-automation.git`) using `git clone` and `npm install`.
- [COMMAND_EXECUTION]: The workflow relies on executing shell commands, including environment setup (`npm run install:skills`) and a specialized CLI tool (`npx event-tracking`) used for site analysis and GTM synchronization.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive Google OAuth 2.0 credentials (`GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET`) and caches authorization tokens in a local file (`oauth-tokens.json`) for persistence.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it crawls and processes content from external websites.
  - Ingestion points: Website content is ingested during `npx event-tracking init` and `audit` commands.
  - Boundary markers: No specific boundary markers or safety instructions are mentioned to prevent the agent from following directions embedded in crawled sites.
  - Capability inventory: The skill possesses the ability to modify and publish Google Tag Manager containers via API, execute browser automation with Playwright, and write to the local file system.
  - Sanitization: No evidence of sanitization or filtering for crawled content is provided in the documentation.
Audit Metadata