Sales
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates that the agent execute a shell command (`curl`) targeting `localhost:8888` immediately upon invocation for voice notifications.
- [COMMAND_EXECUTION]: The workflow involves executing a local script (`Generate.ts`) via `bun run` with arguments derived from processed external documentation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted product documentation and external URLs.
  - Ingestion points: External product specifications and URLs provided by the user in the `CreateNarrative.md` and `CreateSalesPackage.md` workflows.
  - Boundary markers: No specific delimiters or instructions are used to separate untrusted content from the system instructions.
  - Capability inventory: The skill can execute shell commands (`curl`) and local scripts (`bun run`) based on processed content.
  - Sanitization: No sanitization or filtering logic is present for data ingested from external sources before its use in generating narratives or image prompts.
Audit Metadata