sales-funnel
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains a self-improvement loop that enables indirect prompt injection by persisting data from interactions into its own reference files.
- Ingestion points: The agent is instructed in
SKILL.mdto readreferences/learnings.mdat the start of every session to incorporate accumulated knowledge. - Boundary markers: There are no delimiters or specific instructions to isolate the data in
references/learnings.mdfrom the system instructions, increasing the risk of the agent interpreting stored data as commands. - Capability inventory: The skill utilizes file-writing capabilities to append user-influenced insights to the filesystem and references various external platforms for conversion tracking and marketing.
- Sanitization: The skill does not implement any validation, filtering, or escaping for the content saved to or loaded from the persistence file.
Audit Metadata