sales-groove

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a self-improvement loop in the 'Gotchas' section of SKILL.md where it reads from and writes to a local reference file. This configuration creates a vulnerability surface for indirect prompt injection.
  • Ingestion points: The agent is instructed in Step 1 to read references/learnings.md to gather context from previous sessions.
  • Boundary markers: There are no defined delimiters or instructions to treat the content of the learnings file as untrusted or to ignore embedded instructions within it.
  • Capability inventory: The skill explicitly authorizes the agent to write new information ('append it to references/learnings.md') based on its discoveries during use.
  • Sanitization: There are no instructions for escaping, validating, or filtering the content before it is written to the persistent file, meaning an attacker could potentially influence the agent's future behavior by providing malicious data that the agent then 'learns' and stores.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 11:48 AM