sales-helpdesk-selection
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to read from and potentially write to `references/learnings.md` to maintain context across sessions. This architecture creates an indirect prompt injection surface where untrusted data processed by the agent could be persisted and later influence the agent's behavior as instructions.
  - Ingestion points: `references/learnings.md` is read at the start of the workflow in Step 1 to gather context.
  - Boundary markers: There are no specific delimiters or instructional guards provided to ensure the agent treats the content of the learnings file as data rather than instructions.
  - Capability inventory: The skill reads local files (`learnings.md`, `platforms.md`) and provides analysis; it does not explicitly invoke high-privilege tools in the provided scripts.
  - Sanitization: No sanitization, validation, or escaping of the content stored in the learnings file is defined.
- [REMOTE_CODE_EXECUTION]: The documentation includes a reference to an `npx` command for adding related skills. While intended as a manual installation step for the user, `npx` by design downloads and executes remote code.
  - Evidence: `npx skills add sales-skills/sales --skill sales-do` targets the vendor's own package repository.
Audit Metadata