sales-happyscribe
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a feedback loop through the
references/learnings.mdfile. Instructions require the agent to read this file during initialization and append new findings, such as workarounds or tips discovered during interaction. This creates an indirect prompt injection surface where untrusted content from user queries or processed data could be persisted and subsequently treated as instructions in future sessions. - Ingestion points: The file
references/learnings.mdis ingested into the agent context at the beginning of the execution flow in Step 1. - Boundary markers: No delimiters or instructions are present to ensure the agent treats the content of the learnings file as data rather than executable instructions.
- Capability inventory: The skill has capabilities to read/write local files and execute commands to route to other skills.
- Sanitization: No validation or filtering is performed on content written to the learnings file.
- [COMMAND_EXECUTION]: The skill uses a routing table that directs the agent to execute commands for specialized tasks (e.g.,
/sales-note-taker), facilitating the execution of external skill logic. - [EXTERNAL_DOWNLOADS]: The documentation provides a command to install a related component:
npx skills add sales-skills/sales --skill sales-do. This command uses a package runner to download and execute code from a repository associated with the skill's author.
Audit Metadata