sales-voicenotes

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a persistence mechanism by reading from and writing to references/learnings.md to store platform knowledge across different sessions. This creates an indirect prompt injection surface where untrusted content processed by the agent could be saved into the learnings file and influence future interactions.
  • Ingestion points: The agent is instructed to read references/learnings.md at the start of Step 1 in SKILL.md to gather accumulated platform knowledge.
  • Boundary markers: There are no explicit delimiters, schema constraints, or instructions to ignore embedded commands within the learnings file content.
  • Capability inventory: The skill performs file-read operations on references/learnings.md and references/platform-guide.md, and file-write (append) operations to references/learnings.md as described in Step 4 of the instructions.
  • Sanitization: The instructions do not specify any validation, escaping, or filtering for the content appended to the learnings file based on user interactions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-voicenotes