sales-boomi
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Extensive review of the skill's instructions, metadata, and reference files found no signs of malicious intent or security vulnerabilities.
- [PROMPT_INJECTION]: No patterns associated with overriding agent behavior, bypassing safety filters, or extracting system prompts were detected in any of the analyzed files.
- [DATA_EXFILTRATION]: The skill does not perform network operations or access sensitive system paths (e.g., SSH keys, credentials). URLs mentioned in the API reference are for official Boomi platform documentation and services.
- [COMMAND_EXECUTION]: The skill refers to an installation command (
npx skills add ...) for related tools from the same vendor ('sales-skills'). This is a documented deployment practice for the ecosystem and does not involve arbitrary command execution. - [INDIRECT_PROMPT_INJECTION]: The skill implements a feedback loop by reading from and appending to
references/learnings.md. While this ingestion of persistent data is an attack surface, the skill does not possess exploitable capabilities (such as shell access or dynamic code execution) that could be triggered by malicious content in the learnings file.
Audit Metadata