sales-keymentions
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats were identified. The skill is composed of markdown instructions and platform reference guides.\n- [COMMAND_EXECUTION]: The documentation includes an example command (
npx skills add sales-skills/sales --skill sales-do) to install a related skill from the same author. This is a manual instruction for the user and is not executed automatically by the agent.\n- [DATA_EXFILTRATION]: No unauthorized network requests or sensitive file access patterns were found. URLs in the documentation point to legitimate marketing services and support pages.\n- [PROMPT_INJECTION]: The skill usesreferences/learnings.mdto persist knowledge, which creates an indirect prompt injection surface. However, the skill lacks high-privilege capabilities (like code execution or network access), rendering the risk negligible.\n - Ingestion points: The file
references/learnings.mdis read at the start of each session.\n - Boundary markers: None present; the file content is treated as direct instructional context.\n
- Capability inventory: Limited to informational response generation and appending text to the learnings file.\n
- Sanitization: None; the agent is instructed to append new tips directly to the file.\n- [NO_CODE]: The skill consists entirely of markdown documentation and does not include any Python or Node.js scripts or binaries.
Audit Metadata