sales-alfred
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill is designed as a pure knowledge-base utility to assist users with the alfred_ platform.\n- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by allowing the agent to persist and read "learnings" from a local file. This vulnerability is mitigated by the fact that the skill has no dangerous capabilities such as network access or shell execution.\n
- Ingestion points: The file
references/learnings.mdis read during the first step of the skill execution to provide context.\n - Boundary markers: Absent; the content of the reference file is not wrapped in protective delimiters or warnings to ignore instructions.\n
- Capability inventory: The skill possesses no capabilities for command execution, file system modification beyond the designated reference file, or network communication.\n
- Sanitization: No sanitization is performed on information appended to or read from the
references/learnings.mdfile.
Audit Metadata