marketingskills-agent-skills
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions include commands to download marketing-related markdown files and templates from a public GitHub repository using
curlandgit clone. These resources are used to populate a local directory for agent reference. - [COMMAND_EXECUTION]: The installation guide suggests the use of standard shell commands such as
mkdir,npx skills, andchmodto initialize the project environment. These are common practices for deploying development tools. - [PROMPT_INJECTION]: The skill architecture relies on the creation and consumption of local context files (e.g.,
product-marketing-context.md) which ingest user-supplied project details. While this is an intended feature for personalization, it establishes a potential surface for indirect prompt injection if the processed data contains instructions designed to manipulate agent behavior. - Ingestion points:
.skills/product-marketing-context.md,.skills/competitor-analysis.md,.skills/customer-research.md. - Boundary markers: None defined in the skill documentation.
- Capability inventory: File system modifications and network operations via standard CLI tools.
- Sanitization: No specific sanitization or input validation mechanisms are described.
Audit Metadata