sales-clearcue

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill files consist of informational guides, troubleshooting tips, and setup recipes for a legitimate GTM platform. No malicious payloads or security bypass attempts were found.\n- [COMMAND_EXECUTION]: The skill references an installation command (npx skills add sales-skills/sales) in the 'Related skills' section. This is a standard method for users to add other skills from the same vendor and does not represent an automated or hidden execution vulnerability.\n- [INDIRECT_PROMPT_INJECTION]: The skill is designed to help users analyze Clearcue 'signals,' which are derived from external social media and news sources.\n
  • Ingestion points: External data enters the context via 'signals' and 'Researcher' profile analysis described in references/platform-guide.md.\n
  • Boundary markers: The skill does not explicitly define markers to separate untrusted signal data from agent instructions.\n
  • Capability inventory: The skill is instructional and does not contain subprocess calls or dynamic code execution logic.\n
  • Sanitization: The documentation focuses on 'AI qualification' provided by the platform to filter noise, but does not specify prompt-level sanitization for the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-clearcue