sales-langfinity

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's instructions and reference files serve the intended purpose of providing platform support. There are no indications of unauthorized data collection, network exfiltration, or malicious overrides.
  • [COMMAND_EXECUTION]: Includes documentation for an installation command (npx skills add sales-skills/sales) that allows users to extend the agent's capabilities. This command refers to the official namespace of the skill author ('sales-skills') and is a standard administrative task.
  • [PROMPT_INJECTION]: The skill architectural design includes a persistence mechanism where it reads from and writes to references/learnings.md. This represents a surface for indirect prompt injection, as information gathered during a session is stored and later used as context for the agent's behavior.
  • Ingestion points: Reads from references/learnings.md at start-of-turn and processes user-supplied setup questions.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the reference files or markdown instructions.
  • Capability inventory: The skill can route requests to other specialized skills (e.g., /sales-note-taker) and provides instructions for shell-based installations.
  • Sanitization: No explicit validation or filtering logic is defined for data being appended to the learnings.md file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-langfinity