sales-inbeat

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill consists of informational marketing content and procedural guidance. No obfuscation, malicious dependencies, or dangerous code patterns were detected.
  • [PROMPT_INJECTION]: The skill processes user-supplied context to provide marketing advice. 1) Ingestion points: User input is collected during the context-gathering phase in SKILL.md. 2) Boundary markers: Instructions are logically separated into steps, although specific input delimiters are not explicitly defined. 3) Capability inventory: The skill can read/write to references/learnings.md and call other sub-skills. 4) Sanitization: There is no explicit validation or escaping of user input content.
  • [DATA_EXFILTRATION]: The skill implements a self-improving loop by writing findings to references/learnings.md. This file access is restricted to the skill's own data directory and serves as a legitimate persistence mechanism for specialized knowledge.
  • [COMMAND_EXECUTION]: The documentation references an installation command (npx skills add sales-skills/sales --skills sales-do) to assist users in adding a related router skill from the same vendor ('sales-skills'). This is a static instructional reference for user action.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-inbeat