analytics

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or critical security vulnerabilities were detected. The skill provides legitimate analytics configuration advice based on industry standards.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface (Category 8) by reading external context files.
    • Ingestion points: Instructions to read .agents/product-marketing.md, .claude/product-marketing.md, or product-marketing-context.md for business context (SKILL.md).
    • Boundary markers: No specific delimiters or exclusion instructions are provided for handling the contents of these external context files.
    • Capability inventory: The agent generates analytics implementation code and creates strategic event-tracking plans.
    • Sanitization: There are no specific instructions for validating or sanitizing the content of the project-specific marketing context files before use.
  • [DATA_EXFILTRATION]: The skill handles potentially sensitive user identifiers but incorporates defensive instructions.
    • It includes explicit instructions to avoid PII (Personally Identifiable Information) leakage, stating "No PII in analytics properties" and "No PII leaking" (SKILL.md).
    • It provides framework guidance for GDPR compliance and consent management to ensure data collection respects user privacy settings.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 27, 2026, 11:13 AM