marketing-ideas
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions (Category 8: Indirect Prompt Injection) recommend that the agent read marketing context from local files such as
.agents/product-marketing.md,.claude/product-marketing.md, orproduct-marketing-context.md. This ingestion of external data without sanitization or boundary markers creates a surface where malicious instructions embedded in those files could influence the agent's behavior. - Ingestion points:
SKILL.md(lines 14-15) directs the agent to read specific markdown files from the project environment. - Boundary markers: Absent. The skill does not provide instructions to treat the ingested file content as untrusted or to ignore executable commands within them.
- Capability inventory: This skill does not include standalone scripts or tools, but the injection could target the host agent's native tools (e.g., shell execution, file system access) if the agent possesses them.
- Sanitization: No filtering or validation of the context file content is performed.
- [NO_CODE]: The skill contains no executable code, scripts (Python/JavaScript), or binary components. It is composed entirely of Markdown documentation and JSON evaluation data, which eliminates risks associated with remote code execution, persistence, or privilege escalation from within the skill's own assets.
Audit Metadata