sales-lobstr
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a self-improvement loop that introduces a surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read
references/learnings.mdat the beginning of each session to retrieve context from previous interactions. - Boundary markers: The instructions lack boundary markers or explicit warnings to the model to ignore any embedded instructions within the retrieved learnings.
- Capability inventory: The skill allows the agent to modify its own persistent state by appending new information to the
references/learnings.mdfile. - Sanitization: There is no mechanism defined for sanitizing, validating, or filtering the data written to the learnings file.
- Risk: An attacker could provide malicious instructions that the agent identifies as a 'learning' and saves to the persistent file, which would then be executed or obeyed in all future sessions where that file is loaded.
Audit Metadata