sales-maestroqa
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill acts as a documentation repository and workflow assistant for MaestroQA.
- [CREDENTIALS_UNSAFE]: The skill provides documentation for the MaestroQA (Rippit) API and SCIM user provisioning. It correctly uses placeholders such as 'YOUR_API_TOKEN' for authentication headers and does not contain hardcoded secrets or credentials.
- [DATA_EXFILTRATION]: Documents network operations targeting the legitimate platform domain (app.rippit.com). There is no evidence of unauthorized data transfer or harvesting of sensitive local files.
- [PROMPT_INJECTION]: The skill implements a self-improvement loop by reading from and writing to
references/learnings.md. This represents a surface for indirect prompt injection: - Ingestion points: User queries and conversation data processed via the MaestroQA API (as described in the guides).
- Boundary markers: Absent; the instructions do not specify delimiters or filtering for content added to the learnings file.
- Capability inventory: Limited; the skill is a reference guide and does not possess tools for arbitrary command execution or system modification.
- Sanitization: Absent; the agent is encouraged to append new insights directly to the learning repository.
Audit Metadata