sales-customersai
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it records 'learnings' derived from user interactions into a persistent file ('references/learnings.md') and retrieves them in future sessions. This 'self-improving' pattern allows untrusted input to potentially poison the agent's knowledge base.
- Ingestion points: User input prompts and the 'references/learnings.md' file.
- Boundary markers: No explicit delimiters or instructions are used to separate user content from system guidance.
- Capability inventory: The skill possesses file-write permissions for the learnings file and can route user input to other agent skills.
- Sanitization: There is no logic present to validate or sanitize user input before it is persisted in the learnings file.
- [PROMPT_INJECTION]: The skill routes user questions to other related tools (e.g., '/sales-rb2b {user's original question}') using direct string interpolation. This creates a surface for multi-step injection attacks where a malicious prompt could be crafted to bypass the routing logic or target the security controls of the downstream skill.
Audit Metadata