Skills
skills/sales-skills/sales/sales-buttondown/Gen Agent Trust Hub

sales-buttondown

Fail

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file references/buttondown-api-reference.md contains a hardcoded authentication token: Token 401f7ac837da42b97f613d789819ff93537bee6a. Providing specific tokens that match the service's credential format represents a risk of credential exposure. \n- [EXTERNAL_DOWNLOADS]: The SKILL.md file contains instructions to run npx skills add sales-skills/sales, which involves downloading software packages. \n- [COMMAND_EXECUTION]: The SKILL.md file instructs the agent to suggest executing shell commands like npx skills add for installation purposes. \n- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface. \n
  • Ingestion points: User input provided to describe Buttondown issues in SKILL.md. \n
  • Boundary markers: Absent. The instructions do not define delimiters for untrusted user input. \n
  • Capability inventory: The skill has the capability to write to references/learnings.md. \n
  • Sanitization: None. User-supplied tips are appended to the learnings file without any validation or filtering process.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 20, 2026, 06:35 PM