sales-performcb
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a comprehensive reference for the Perform[cb] platform, covering campaign management, fraud detection (PerformSHIELD), and API integration. No executable scripts or automated network operations were found within the skill files.
- [INDIRECT_PROMPT_INJECTION]: The skill uses a 'self-improving' mechanism by reading from and writing to
references/learnings.md. This represents a potential surface for indirect prompt injection where untrusted data from user sessions could be persisted. However, the skill lacks any high-risk capabilities (such as subprocess execution, file system modification outside its own folder, or outbound network tools) that could be leveraged by such an injection. - Ingestion points: User input during interactions and the
references/learnings.mdfile itself. - Boundary markers: Absent; there are no specific delimiters to separate user-provided content from instructions.
- Capability inventory: No tool usage, subprocess calls, or network operations are defined in the skill scripts.
- Sanitization: None; user findings are appended directly to the reference file.
Audit Metadata