sales-secondbody
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistent learning mechanism by reading and writing to
references/learnings.md. This creates an indirect prompt injection surface where information derived from user interactions is stored and then re-ingested into the agent's context in future sessions. This could potentially allow an attacker to influence future agent responses if malicious instructions are captured and persisted. - Ingestion points: Reads
references/learnings.mdat the start of the interaction (Step 1). - Boundary markers: None provided; the file is read as raw context without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill has the capability to write to the file system (appending to
references/learnings.md). - Sanitization: There is no evidence of sanitization, validation, or filtering of the content being appended to the learning file.
Audit Metadata