sales-in-app-messaging

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a self-improvement pattern by reading from and appending to 'references/learnings.md'. This creates an indirect prompt injection surface where persistent user-controlled data can influence future agent behavior without proper sanitization or boundary markers. * Ingestion points: The file 'references/learnings.md' is read at the start of the interaction to gather accumulated knowledge. * Boundary markers: The skill instructions do not define specific delimiters or ignore-embedded-instruction warnings for the ingested data. * Capability inventory: The skill explicitly directs the agent to write new findings to 'references/learnings.md'. * Sanitization: No sanitization or validation logic is provided for the content being added to the learnings file.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 06:30 PM
Security Audit — agent-trust-hub — sales-in-app-messaging