sales-clearcue
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill files consist of informational guides, troubleshooting tips, and setup recipes for a legitimate GTM platform. No malicious payloads or security bypass attempts were found.\n- [COMMAND_EXECUTION]: The skill references an installation command (
npx skills add sales-skills/sales) in the 'Related skills' section. This is a standard method for users to add other skills from the same vendor and does not represent an automated or hidden execution vulnerability.\n- [INDIRECT_PROMPT_INJECTION]: The skill is designed to help users analyze Clearcue 'signals,' which are derived from external social media and news sources.\n - Ingestion points: External data enters the context via 'signals' and 'Researcher' profile analysis described in
references/platform-guide.md.\n - Boundary markers: The skill does not explicitly define markers to separate untrusted signal data from agent instructions.\n
- Capability inventory: The skill is instructional and does not contain subprocess calls or dynamic code execution logic.\n
- Sanitization: The documentation focuses on 'AI qualification' provided by the platform to filter noise, but does not specify prompt-level sanitization for the agent.
Audit Metadata