messaging-ab-tester
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it instructs the agent to ingest and process untrusted user data (such as current messaging and value propositions) without implementing boundary markers or sanitization.\n
- Ingestion points: Untrusted data enters the context through the 'Core value prop', 'ICP', and 'Current messaging' fields in the Intake phase of SKILL.md.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present to separate user-provided content from the skill's logic.\n
- Capability inventory: The skill utilizes file-writing capabilities to save generated reports and variants to the workspace (e.g.,
clients/<client-name>/...).\n - Sanitization: There is no mention of sanitizing, escaping, or validating the external content before it is interpolated into the messaging variants or reports.
Audit Metadata