sales-demodesk
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is instructional and provides guidance based on static markdown files. No malicious behavior or suspicious commands were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests user input and appends data to a local learning file. However, the risk is minimal because the skill lacks executable capabilities. Evidence Chain: 1. Ingestion points: User questions processed in
SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Local file read/write (append only); no network or command execution. 4. Sanitization: Absent. - [CREDENTIALS_UNSAFE]: The documentation provides examples of API authentication using standard placeholders such as
YOUR_API_KEY. No hardcoded secrets or credentials were found.
Audit Metadata