sales-backtrack
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill implements a persistent learning mechanism by reading from and appending to
references/learnings.md. - Ingestion points:
references/learnings.mdis read at the start of each invocation to provide context. - Boundary markers: No explicit markers are used to separate learned content from system instructions.
- Capability inventory: The skill primarily performs text-based routing and guidance; it does not possess file-writing or network-execution capabilities within its own logic (writing to the learning file is described as an agent behavior).
- Sanitization: None described. This is a standard functional pattern for this agent type and does not present an immediate risk.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses local reference files (
references/platform-guide.mdandreferences/learnings.md) to retrieve platform information. There is no evidence of access to sensitive system directories or environment variables. - [COMMAND_EXECUTION]: The documentation includes a setup command for users (
npx skills add sales-skills/sales --skill sales-do) to install related utilities from the same author ('sales-skills'). This is a documented user action and not an automated execution by the skill itself.
Audit Metadata