sales-chatbot
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches remote instruction files (
SKILL.md) from the vendor's official GitHub repository (github.com/sales-skills/sales). This is a standard mechanism used to synchronize the agent's knowledge with the latest platform-specific guidelines. - [COMMAND_EXECUTION]: Provides instructions for the user to install additional components via
npx skills add. These are presented as manual setup steps for the user and are not executed by the agent autonomously. - [PROMPT_INJECTION]: The skill processes data from a local learning file (
references/learnings.md) and remote markdown files. While this creates an ingestion surface for potential indirect instructions, the logic is limited to knowledge accumulation and platform recommendations within the defined sales domain.
Audit Metadata