sales-do
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
ls ~/.claude/skills/to determine which specialized skills are currently installed, allowing it to provide accurate installation advice. - [EXTERNAL_DOWNLOADS]: The skill is configured to fetch skill definitions and metadata from the vendor's GitHub repository and other specified third-party sources to ensure routing prompts are accurate and up-to-date.
- [PROMPT_INJECTION]: The skill processes external metadata from various sales tool repositories to construct ready-to-use prompts. This constitutes an indirect prompt injection surface.
- Ingestion points: External
SKILL.mdfiles are retrieved viaWebFetchfrom GitHub inSKILL.md(Step 2.5). - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the routing prompt generation logic.
- Capability inventory: The skill can list local files (
ls) and write new instruction files (do-*.md) to the filesystem as part of its routing functionality. - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from external repositories before it is incorporated into prompts.
Audit Metadata