sales-helpdesk-selection

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to read from and potentially write to references/learnings.md to maintain context across sessions. This architecture creates an indirect prompt injection surface where untrusted data processed by the agent could be persisted and later influence the agent's behavior as instructions.
  • Ingestion points: references/learnings.md is read at the start of the workflow in Step 1 to gather context.
  • Boundary markers: There are no specific delimiters or instructional guards provided to ensure the agent treats the content of the learnings file as data rather than instructions.
  • Capability inventory: The skill reads local files (learnings.md, platforms.md) and provides analysis; it does not explicitly invoke high-privilege tools in the provided scripts.
  • Sanitization: No sanitization, validation, or escaping of the content stored in the learnings file is defined.
  • [REMOTE_CODE_EXECUTION]: The documentation includes a reference to an npx command for adding related skills. While intended as a manual installation step for the user, npx by design downloads and executes remote code.
  • Evidence: npx skills add sales-skills/sales --skill sales-do targets the vendor's own package repository.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-helpdesk-selection