sales-webinar
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a self-improvement feature that maintains state by reading from and writing to a local file (references/learnings.md). This creates a potential surface for indirect prompt injection.
- Ingestion points: The agent is instructed to read
references/learnings.mdat the start of every session if it exists. - Boundary markers: Absent; there are no specific instructions or delimiters used to prevent the agent from treating the contents of the learnings file as authoritative instructions.
- Capability inventory: The skill allows appending content to the
references/learnings.mdfile based on discoveries during usage. It does not possess dangerous capabilities like arbitrary shell execution, network exfiltration, or access to sensitive system directories. - Sanitization: There is no evidence of validation or sanitization of the data before it is written to or read from the learnings file.
Audit Metadata