sales-leadpages
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a persistent storage mechanism through
references/learnings.md, which it reads at startup and appends to during execution. This setup introduces a surface for indirect prompt injection where instructions could be stored and later retrieved by the agent.\n - Ingestion points: The agent reads
references/learnings.mdat the beginning of each session as instructed inSKILL.md.\n - Boundary markers: The skill does not define or use any delimiters or specific instructions to isolate content retrieved from the learnings file.\n
- Capability inventory:
SKILL.mdcontains instructions for the agent to append new findings toreferences/learnings.md, providing a persistent write capability.\n - Sanitization: No mechanisms for input validation or sanitization are specified for the content saved to the learnings file.\n- [NO_CODE]: The skill consists exclusively of instructional Markdown content and reference guides. It does not include any Python or Node.js scripts, or binary executable files.
Audit Metadata