ugc-hook-analyzer
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No prompt injection or behavior override patterns were detected. The instructions follow standard marketing analysis guidelines.
- [SAFE]: No data exfiltration or credential harvesting patterns were found. The skill processes user-supplied CSV data locally for analysis.
- [SAFE]: The skill accesses a local configuration file `.claude/brand-context.md` to ground its analysis in brand-specific data, which is a standard practice for personalization within this agent environment.
- [SAFE]: No remote code execution (RCE), unsafe dependencies, or dynamic code execution patterns (like eval or exec) were identified.
- [SAFE]: There are no persistence mechanisms, privilege escalation attempts, or obfuscated content within the skill.
- [SAFE]: While the skill represents an indirect prompt injection surface (Category 8) due to processing external CSV data, it lacks the functional capabilities (network access, file system writes, or shell execution) required for such an injection to be exploited.
  - Ingestion points: User-provided CSV exports and data tables.
  - Boundary markers: Absent.
  - Capability inventory: None (analytical text output only).
  - Sanitization: Absent.
Audit Metadata