sales-launchvibe
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistence pattern that reads from
references/learnings.mdat the start of each session. This creates a surface for indirect prompt injection where instructions could be stored in the file and subsequently interpreted by the agent. - Ingestion points: The agent reads
references/learnings.mdat initialization and processes user-provided product descriptions. - Boundary markers: The skill does not use delimiters or explicit boundary markers to separate the data read from the learnings file from the primary instructions.
- Capability inventory: The skill is restricted to information retrieval and routing; it does not possess high-risk capabilities like shell execution or unauthorized network requests.
- Sanitization: Content read from the persistent learnings file is not sanitized or validated.
- [EXTERNAL_DOWNLOADS]: The documentation includes the command
npx skills add sales-skills/sales --skills sales-do. This command fetches and executes code from the author's official repository for distribution purposes, which represents a standard functionality for this vendor.
Audit Metadata