sales-cirrus-insight

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references a command to install an additional skill: npx skills add sales-skills/sales --skill sales-do. This resource is managed by the same author (sales-skills) and is used for extending the functionality of the sales agent.
  • [COMMAND_EXECUTION]: The skill provides example curl commands in the API reference documentation. These are intended for developer guidance when interacting with the Cirrus Insight platform.
  • [PROMPT_INJECTION]: The skill contains instructions to append user-discovered tips or workarounds to references/learnings.md. This represents a surface for indirect prompt injection because the agent ingests untrusted user input and writes it to a persistent local file without explicit sanitization or boundary markers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 05:42 PM
Security Audit — agent-trust-hub — sales-cirrus-insight