sales-letterly

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a persistent knowledge-base pattern susceptible to indirect prompt injection. (1) Ingestion points: the agent reads 'references/learnings.md' at the start of every session (Step 1). (2) Boundary markers: no delimiters or specific instructions are provided to the agent to treat this content as untrusted data or to ignore embedded instructions. (3) Capability inventory: the skill is instructed to write new 'gotchas, workarounds, or tips' directly to the 'references/learnings.md' file (Step 4). (4) Sanitization: there is no validation or sanitization logic to ensure that user-provided content saved to the file does not contain malicious prompts.
  • [NO_CODE]: The skill consists entirely of markdown files (instructions and reference guides) and does not include any executable scripts, binaries, or code-based automations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-letterly