Skills
skills/majiayu000/claude-skill-registry/executive-cmo/Gen Agent Trust Hub

executive-cmo

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill consists of a markdown instruction file and metadata without any associated executable scripts or binary files.
  • [PROMPT_INJECTION]: The skill definition possesses an attack surface for indirect prompt injection via the ingestion of untrusted external data.
  • Ingestion points: The skill utilizes the WebSearch and WebFetch tools to retrieve information from external, potentially attacker-controlled websites.
  • Boundary markers: There are no delimiters or specific safety instructions provided to the agent to differentiate its primary instructions from content fetched from the web.
  • Capability inventory: The agent is granted Write access to the filesystem and WebFetch network capabilities, which could be leveraged if the agent is influenced by malicious instructions in fetched content.
  • Sanitization: No sanitization or validation of the content retrieved from the web is specified within the skill definition.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 12:18 PM