Sales
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill mandates the execution of a `curl` POST request to `http://localhost:8888/notify` at the start of every session. While targeting localhost, this establishes an automated shell execution pattern.
- [COMMAND_EXECUTION]: The `CreateSalesPackage.md` and `CreateVisual.md` workflows execute a local script (`Generate.ts`) via the `bun` runtime, using command-line arguments derived from processed user input.
- [PROMPT_INJECTION]: The skill instructions in `SKILL.md` direct the agent to load and apply configuration files from a specific user directory (`~/.opencode/skills/PAI/USER/SKILLCUSTOMIZATIONS/Sales/`) to override default behavior, creating a vector for persistent behavioral modification.
- [PROMPT_INJECTION]: The use of mandatory execution instructions ("🚨 MANDATORY", "This is not optional") is a technique often used to bypass agent safety filters or reasoning by forcing immediate action.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by processing untrusted documentation into prompts for an image generation tool.
  - Ingestion points: Product documentation and specifications input in `CreateNarrative.md` and `CreateSalesPackage.md`.
  - Boundary markers: None; the content is transformed into visual descriptions and talking points without delimiters.
  - Capability inventory: Subprocess execution via `bun run` and shell execution via `curl`.
  - Sanitization: No input validation or escaping is performed on the documentation before it influences the generated output.
Audit Metadata