sales-maxiq
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a 'self-improving' loop by reading from and appending to
references/learnings.md. This functionality creates a surface for indirect prompt injection where instructions or malicious patterns provided by a user in one session could be persisted and influence the agent's behavior in future sessions. - Ingestion points: The agent reads
references/learnings.mdat the start of every interaction and appends new discoveries to it at the conclusion of the session. - Boundary markers: The skill does not define specific delimiters or instructions to treat the learned content as untrusted data or to ignore embedded commands.
- Capability inventory: The agent is authorized to read local skill files, route to other installed skills, and append content to the local learning file.
- Sanitization: There is no mechanism described for validating, escaping, or sanitizing the content before it is saved to the persistent storage.
- [COMMAND_EXECUTION]: The documentation includes a command for installing a related skill:
npx skills add sales-skills/sales --skill sales-do. This command references a package within the same author's ('sales-skills') namespace and represents a standard installation procedure for this environment.
Audit Metadata