sales-ccaas-selection
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill features an automated learning mechanism that is susceptible to indirect prompt injection.\n
- Ingestion points: User requirements and interaction feedback (Step 1 and Step 4).\n
- Boundary markers: Absent; user-provided feedback is appended directly to
references/learnings.mdand read back without delimiters or instructions to ignore embedded commands.\n - Capability inventory: Reading and writing to local files and routing to other platform-specific skills.\n
- Sanitization: Absent; the skill does not implement validation or filtering for the content persisted to the learning reference file.\n- [COMMAND_EXECUTION]: The documentation provides a command for users to install related skills from the author's own infrastructure.\n
- Evidence:
npx skills add sales-skills/sales --skill sales-do -a claude-code -yinSKILL.md.\n- [EXTERNAL_DOWNLOADS]: The skill references the download and installation of additional tools from the author's repository.\n - Evidence:
sales-skills/salesrepository reference for thesales-doskill.
Audit Metadata