sales-reddinbox

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface via Learning Mechanism. The skill instructs the agent to read accumulated knowledge from references/learnings.md at the start of each session and append new findings or 'gotchas' to the same file in Step 4. This behavior creates a persistent state that can be influenced by untrusted user data.
  • Ingestion points: User-provided tips and insights provided during the conversation are captured by the agent for persistence in SKILL.md.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agent to filter or ignore malicious instructions embedded within the user-provided tips.
  • Capability inventory: The skill is designed to perform file-write (append) operations to references/learnings.md and read operations on the same file across sessions.
  • Sanitization: The instructions do not specify any validation, escaping, or filtering process for the content before it is added to the learnings database.
  • Risk: A malicious user could provide a 'tip' that contains instructions to bypass safety guidelines or override future agent behavior. These instructions would be stored and then executed/followed by the agent in future sessions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-reddinbox