sales-alfred

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The skill is designed as a pure knowledge-base utility to assist users with the alfred_ platform.\n- [PROMPT_INJECTION]: The skill provides an indirect prompt injection surface by allowing the agent to persist and read "learnings" from a local file. This vulnerability is mitigated by the fact that the skill has no dangerous capabilities such as network access or shell execution.\n
  • Ingestion points: The file references/learnings.md is read during the first step of the skill execution to provide context.\n
  • Boundary markers: Absent; the content of the reference file is not wrapped in protective delimiters or warnings to ignore instructions.\n
  • Capability inventory: The skill possesses no capabilities for command execution, file system modification beyond the designated reference file, or network communication.\n
  • Sanitization: No sanitization is performed on information appended to or read from the references/learnings.md file.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:34 PM
Security Audit — agent-trust-hub — sales-alfred