sales-gumroad
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill utilizes a persistent learning mechanism via the
references/learnings.mdfile. It is instructed to read this file upon activation and append new findings to it. This design presents an indirect prompt injection surface where untrusted data from user interactions could be saved into the file and subsequently influence the agent's context in future sessions. \n - Ingestion points: User-provided descriptions and the contents of
references/learnings.md.\n - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat the contents of the learnings file as untrusted or to ignore embedded instructions.\n
- Capability inventory: The skill instructions permit appending data to local files and routing requests to other sales-related skills.\n
- Sanitization: There is no evidence of sanitization, filtering, or validation for the content being appended to the learnings file.\n- [COMMAND_EXECUTION]: The documentation includes an example command
npx skills add sales-skills/salesto install related functionality. This command targets a package from the same vendor and is a standard procedure for expanding the agent's capabilities.
Audit Metadata