sales-leadiq

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a persistent learning mechanism where the agent is instructed to append newly discovered tips or workarounds to references/learnings.md. This creates a surface for indirect prompt injection if malicious instructions are provided by a user and stored in the reference file for future sessions.
  • Ingestion points: User descriptions of problems and platform interactions (Step 1 and Step 4 in SKILL.md).
  • Boundary markers: Absent. The skill does not define specific delimiters for separating user-provided data from system instructions when writing to the learning file.
  • Capability inventory: File-write operations to references/learnings.md and tool routing capabilities to other /sales-* skills.
  • Sanitization: Absent. There is no instruction to validate or sanitize content before it is persisted to the local file system.
  • [COMMAND_EXECUTION]: The documentation includes instructions for users to install related tools using the command npx skills add sales-skills/sales --skill sales-do. This command references a package within the vendor's own namespace.
  • [DATA_EXFILTRATION]: The skill provides detailed instructions on how to authenticate with the LeadIQ GraphQL API (https://api.leadiq.com/graphql). While it does not contain hardcoded credentials, it describes the process of encoding API keys found in user account settings into HTTP Basic Authentication headers.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 01:05 PM
Security Audit — agent-trust-hub — sales-leadiq