sales-outdoo
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a comprehensive platform guide for Outdoo AI. All referenced URLs point to the official platform domain (outdoo.ai) or well-known third-party services like Salesforce, HubSpot, and Zapier.\n- [COMMAND_EXECUTION]: The skill provides an installation command (
npx skills add sales-skills/sales) for a related tool. This command targets a package from the same vendor ('sales-skills') and is a standard administrative action within the vendor's ecosystem.\n- [PROMPT_INJECTION]: The skill implements a routing mechanism that takes user questions and passes them to other specialized skills (e.g.,/sales-coaching {user's question}). This creates a surface for indirect prompt injection.\n - Ingestion points: User-provided descriptions of help needs enter the context in SKILL.md (Step 1 and Step 2).\n
- Boundary markers: None are used to delimit user input when generating routing commands.\n
- Capability inventory: The skill has the ability to write/append to a local learning log (
references/learnings.md) and generate commands for other skills.\n - Sanitization: No input validation or escaping is performed on the user-supplied strings before interpolation.
Audit Metadata