sales-leadlee
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: All instructions and reference materials are focused on providing benign user support for the Leadlee platform.
- [PROMPT_INJECTION]: The skill implements a self-improvement mechanism (Category 8) where it reads and appends to references/learnings.md. This creates a potential surface for indirect prompt injection. * Ingestion points: The references/learnings.md file and user inputs are ingested into the agent context. * Boundary markers: No delimiters are present to isolate or ignore instructions embedded in the learned data. * Capability inventory: The skill does not have access to dangerous capabilities like network requests, sensitive file access, or arbitrary code execution. * Sanitization: The skill does not sanitize user input before persisting it to the learnings file.
- [COMMAND_EXECUTION]: Documentation includes a command using npx for installing related skills. This is provided for informational purposes and is not executed by the agent automatically.
Audit Metadata