sales-langfinity
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions and reference files serve the intended purpose of providing platform support. There are no indications of unauthorized data collection, network exfiltration, or malicious overrides.
- [COMMAND_EXECUTION]: Includes documentation for an installation command (
npx skills add sales-skills/sales) that allows users to extend the agent's capabilities. This command refers to the official namespace of the skill author ('sales-skills') and is a standard administrative task. - [PROMPT_INJECTION]: The skill architectural design includes a persistence mechanism where it reads from and writes to
references/learnings.md. This represents a surface for indirect prompt injection, as information gathered during a session is stored and later used as context for the agent's behavior. - Ingestion points: Reads from
references/learnings.mdat start-of-turn and processes user-supplied setup questions. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the reference files or markdown instructions.
- Capability inventory: The skill can route requests to other specialized skills (e.g.,
/sales-note-taker) and provides instructions for shell-based installations. - Sanitization: No explicit validation or filtering logic is defined for data being appended to the
learnings.mdfile.
Audit Metadata