skills/sales-skills/sales/sales-orum/Gen Agent Trust Hub

sales-orum

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily instructional and does not contain executable code or scripts.
  • [EXTERNAL_DOWNLOADS]: The documentation references an installation command (npx skills add sales-skills/sales --skill sales-do) for a related skill from the same vendor ('sales-skills'). This is provided as user guidance for expanding the environment.
  • [DATA_EXPOSURE]: The skill utilizes references/learnings.md to store and retrieve platform-specific knowledge. It does not access environment variables, SSH keys, or other sensitive system files.
  • [SAFE]: Analysis for indirect prompt injection (Category 8) identified a data ingestion surface:
  • Ingestion points: The agent is instructed to read references/learnings.md at startup (Step 1).
  • Boundary markers: Absent.
  • Capability inventory: No tools or scripts are defined within this skill.
  • Sanitization: No validation or sanitization is performed on the content appended to the learnings file.
  • Conclusion: This is a standard pattern for 'learning' skills in this environment and does not present a high risk due to the lack of associated capabilities (e.g., shell execution or network access) within the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-orum