sales-keymentions

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security threats were identified. The skill is composed of markdown instructions and platform reference guides.\n- [COMMAND_EXECUTION]: The documentation includes an example command (npx skills add sales-skills/sales --skill sales-do) to install a related skill from the same author. This is a manual instruction for the user and is not executed automatically by the agent.\n- [DATA_EXFILTRATION]: No unauthorized network requests or sensitive file access patterns were found. URLs in the documentation point to legitimate marketing services and support pages.\n- [PROMPT_INJECTION]: The skill uses references/learnings.md to persist knowledge, which creates an indirect prompt injection surface. However, the skill lacks high-privilege capabilities (like code execution or network access), rendering the risk negligible.\n
  • Ingestion points: The file references/learnings.md is read at the start of each session.\n
  • Boundary markers: None present; the file content is treated as direct instructional context.\n
  • Capability inventory: Limited to informational response generation and appending text to the learnings file.\n
  • Sanitization: None; the agent is instructed to append new tips directly to the file.\n- [NO_CODE]: The skill consists entirely of markdown documentation and does not include any Python or Node.js scripts or binaries.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-keymentions