Is michaelhoughtondebox/product-marketing-context safe?

https://github.com/openclaw/skills/tree/main/skills/michaelhoughtondebox/product-marketing-context

92
SAFE

This skill is a well-structured marketing context capture tool with no prompt injection, no executable code, no exfiltration instructions, and no suspicious install-time behavior. The only notable risks are a broad codebase read scope (disclosed and purpose-aligned) and an architectural dependency on a shared context file consumed by other marketing skills. Canary files were not touched by the skill; all integrity checks pass.

Category Scores

Prompt Injection 92/100 · 30%
Data Exfiltration 86/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 88/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 88/100 · 5%

Findings (3)

LOW Broad codebase read scope may incidentally surface sensitive files -14

The skill instructs the agent to read 'README, landing pages, marketing copy, about pages, meta descriptions, package.json, any existing docs' during auto-draft mode. While this is disclosed and aligned with the stated purpose, the open-ended 'any existing docs' phrasing could cause the agent to read files outside the intended marketing corpus if the user's working directory contains sensitive material co-located with documentation.

INFO Cross-skill shared context creates a secondary injection surface -8

The skill creates .claude/product-marketing-context.md explicitly for consumption by other marketing skills. If a future malicious marketing skill were installed and consumed this file without proper boundaries, attacker-controlled data entered by a user during onboarding could influence that downstream skill. This is an architectural risk inherent to shared context files, not a defect in this skill.

INFO Background OS network connections recorded during install window -12

Network captures show connections to 91.189.91.48:443 and 185.125.188.58:443 during the install window. These IPs belong to Canonical/Ubuntu infrastructure (apt update, snap, motd-news) and correspond to background OS services executing concurrently with the install. Process execution logs confirm these are run-parts /etc/update-motd.d and snap-related processes, not skill code.