sales-heepsy
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistent self-improvement mechanism that reads from and writes to
references/learnings.md. This pattern creates an architectural surface for indirect prompt injection. - Ingestion points: Data entering the agent's context through user requests and platform context gathering defined in
SKILL.md(Step 1 and Step 4). - Boundary markers: Absent. The skill does not use delimiters or provide instructions to the agent to ignore or isolate potential commands within the data being written to or read from the knowledge base.
- Capability inventory: The agent is explicitly instructed to read the knowledge base at the start of each session and append new findings via the 'Self-improving' step, leveraging basic file system access.
- Sanitization: Absent. The skill does not define any validation, filtering, or sanitization protocols for the content being recorded.
Audit Metadata