product-marketing-context
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during its codebase analysis workflow.
- Ingestion points: In Step 2, the agent is instructed to read various files from the codebase, including READMEs, landing pages, and marketing copy, which are potential vectors for hidden malicious instructions.
- Boundary markers: The skill does not provide the agent with delimiters or instructions to ignore embedded commands within the files it reads.
- Capability inventory: The skill has the capability to read local project files and write the generated marketing context to the .claude/product-marketing-context.md file.
- Sanitization: There is no logic specified to sanitize or validate the content retrieved from external files before it is used to populate the marketing document.
Audit Metadata