sales-heepsy

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a persistent self-improvement mechanism that reads from and writes to references/learnings.md. This pattern creates an architectural surface for indirect prompt injection.
  • Ingestion points: Data entering the agent's context through user requests and platform context gathering defined in SKILL.md (Step 1 and Step 4).
  • Boundary markers: Absent. The skill does not use delimiters or provide instructions to the agent to ignore or isolate potential commands within the data being written to or read from the knowledge base.
  • Capability inventory: The agent is explicitly instructed to read the knowledge base at the start of each session and append new findings via the 'Self-improving' step, leveraging basic file system access.
  • Sanitization: Absent. The skill does not define any validation, filtering, or sanitization protocols for the content being recorded.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-heepsy