sales-voicenotes
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistence mechanism by reading from and writing to
references/learnings.mdto store platform knowledge across different sessions. This creates an indirect prompt injection surface where untrusted content processed by the agent could be saved into the learnings file and influence future interactions. - Ingestion points: The agent is instructed to read
references/learnings.mdat the start of Step 1 inSKILL.mdto gather accumulated platform knowledge. - Boundary markers: There are no explicit delimiters, schema constraints, or instructions to ignore embedded commands within the learnings file content.
- Capability inventory: The skill performs file-read operations on
references/learnings.mdandreferences/platform-guide.md, and file-write (append) operations toreferences/learnings.mdas described in Step 4 of the instructions. - Sanitization: The instructions do not specify any validation, escaping, or filtering for the content appended to the learnings file based on user interactions.
Audit Metadata