sales-cirrus-insight
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references a command to install an additional skill:
npx skills add sales-skills/sales --skill sales-do. This resource is managed by the same author (sales-skills) and is used for extending the functionality of the sales agent. - [COMMAND_EXECUTION]: The skill provides example
curlcommands in the API reference documentation. These are intended for developer guidance when interacting with the Cirrus Insight platform. - [PROMPT_INJECTION]: The skill contains instructions to append user-discovered tips or workarounds to
references/learnings.md. This represents a surface for indirect prompt injection because the agent ingests untrusted user input and writes it to a persistent local file without explicit sanitization or boundary markers.
Audit Metadata