sales-reddinbox
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface via Learning Mechanism. The skill instructs the agent to read accumulated knowledge from
references/learnings.mdat the start of each session and append new findings or 'gotchas' to the same file in Step 4. This behavior creates a persistent state that can be influenced by untrusted user data. - Ingestion points: User-provided tips and insights provided during the conversation are captured by the agent for persistence in
SKILL.md. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to filter or ignore malicious instructions embedded within the user-provided tips.
- Capability inventory: The skill is designed to perform file-write (append) operations to
references/learnings.mdand read operations on the same file across sessions. - Sanitization: The instructions do not specify any validation, escaping, or filtering process for the content before it is added to the learnings database.
- Risk: A malicious user could provide a 'tip' that contains instructions to bypass safety guidelines or override future agent behavior. These instructions would be stored and then executed/followed by the agent in future sessions.
Audit Metadata