sales-leadiq
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a persistent learning mechanism where the agent is instructed to append newly discovered tips or workarounds to
references/learnings.md. This creates a surface for indirect prompt injection if malicious instructions are provided by a user and stored in the reference file for future sessions. - Ingestion points: User descriptions of problems and platform interactions (Step 1 and Step 4 in SKILL.md).
- Boundary markers: Absent. The skill does not define specific delimiters for separating user-provided data from system instructions when writing to the learning file.
- Capability inventory: File-write operations to
references/learnings.mdand tool routing capabilities to other/sales-*skills. - Sanitization: Absent. There is no instruction to validate or sanitize content before it is persisted to the local file system.
- [COMMAND_EXECUTION]: The documentation includes instructions for users to install related tools using the command
npx skills add sales-skills/sales --skill sales-do. This command references a package within the vendor's own namespace. - [DATA_EXFILTRATION]: The skill provides detailed instructions on how to authenticate with the LeadIQ GraphQL API (
https://api.leadiq.com/graphql). While it does not contain hardcoded credentials, it describes the process of encoding API keys found in user account settings into HTTP Basic Authentication headers.
Audit Metadata