sales-dicte
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown instructions and reference guides. No Python scripts, Node.js code, or binary executables are included in the package.
- [SAFE]: No security threats such as credential harvesting, data exfiltration, or unauthorized command execution were identified. The skill's behavior aligns with its stated purpose of providing platform support.
- [PROMPT_INJECTION]: A potential surface for indirect prompt injection exists due to the knowledge persistence mechanism using
references/learnings.md. 1. Ingestion points:references/learnings.md(Read at start, updated with user-discovered tips). 2. Boundary markers: Absent; the agent is instructed to read the file content directly into its context. 3. Capability inventory: None; the skill provides information and does not have access to tools for shell execution, network requests, or sensitive file system access. 4. Sanitization: Absent; there is no logic to validate or sanitize content before it is appended to the learnings file.
Audit Metadata