analytics
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or critical security vulnerabilities were detected. The skill provides legitimate analytics configuration advice based on industry standards.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface (Category 8) by reading external context files.
  - Ingestion points: Instructions to read .agents/product-marketing.md, .claude/product-marketing.md, or product-marketing-context.md for business context (SKILL.md).
  - Boundary markers: No specific delimiters or exclusion instructions are provided for handling the contents of these external context files.
  - Capability inventory: The agent generates analytics implementation code and creates strategic event-tracking plans.
  - Sanitization: There are no specific instructions for validating or sanitizing the content of the project-specific marketing context files before use.
- [DATA_EXFILTRATION]: The skill handles potentially sensitive user identifiers but incorporates defensive instructions.
  - It includes explicit instructions to avoid PII (Personally Identifiable Information) leakage, stating "No PII in analytics properties" and "No PII leaking" (SKILL.md).
  - It provides framework guidance for GDPR compliance and consent management to ensure data collection respects user privacy settings.
Audit Metadata