sales-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill features an RFP analysis tool that processes external PDF files, creating a surface for indirect prompt injection. 1. Ingestion points: The script rfp_analyzer.py is designed to process external rfp.pdf files. 2. Boundary markers: No delimiters or specific instructions to ignore embedded instructions are defined for the input data. 3. Capability inventory: The skill has the capability to execute local Python scripts (demo_setup.py, rfp_analyzer.py, poc_tracker.py, competitive_compare.py). 4. Sanitization: No evidence of content sanitization or validation is present in the skill documentation.
- [Prompt Injection] (SAFE): No direct injection patterns or attempts to override system prompts were detected in the skill instructions.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network communication patterns were identified.
- [Remote Code Execution] (SAFE): No patterns for downloading and executing remote code (e.g., curl or wget piped to a shell) were found.
Audit Metadata