sales-orum
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is primarily instructional and does not contain executable code or scripts.
- [EXTERNAL_DOWNLOADS]: The documentation references an installation command (
npx skills add sales-skills/sales --skill sales-do) for a related skill from the same vendor ('sales-skills'). This is provided as user guidance for expanding the environment. - [DATA_EXPOSURE]: The skill utilizes
references/learnings.mdto store and retrieve platform-specific knowledge. It does not access environment variables, SSH keys, or other sensitive system files. - [SAFE]: Analysis for indirect prompt injection (Category 8) identified a data ingestion surface:
- Ingestion points: The agent is instructed to read
references/learnings.mdat startup (Step 1). - Boundary markers: Absent.
- Capability inventory: No tools or scripts are defined within this skill.
- Sanitization: No validation or sanitization is performed on the content appended to the learnings file.
- Conclusion: This is a standard pattern for 'learning' skills in this environment and does not present a high risk due to the lack of associated capabilities (e.g., shell execution or network access) within the skill itself.
Audit Metadata