sales-launchday
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a local file
references/learnings.mdto store and retrieve persistent knowledge. This behavior creates a surface for indirect prompt injection where untrusted data or instructions encountered during a session could be saved and subsequently influence the agent's behavior in later invocations. - Ingestion points: The agent is instructed to read
references/learnings.mdat the beginning of Step 1 to gather context. - Boundary markers: There are no instructions to the agent to treat the content of the learnings file as untrusted or to ignore any embedded commands within it.
- Capability inventory: The skill performs file read and write operations on its own reference files. No broader system-level execution or unauthorized network access was detected.
- Sanitization: The skill does not provide any logic for validating or sanitizing user-provided or observed information before appending it to the learnings file.
Audit Metadata