sales-payhip

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a feedback loop by reading from and writing to references/learnings.md. This storage of user-influenced content creates a surface for indirect prompt injection across sessions.
  • Ingestion points: references/learnings.md
  • Boundary markers: Absent
  • Capability inventory: File-write (append) access to local reference files
  • Sanitization: Absent.
  • [REMOTE_CODE_EXECUTION]: The documentation references an npx command (npx skills add sales-skills/sales --skills sales-do) to install additional skills. This involves remote code execution through the execution of packages from the npm registry.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-payhip