sales-qwilr-automation

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing an additional tool using npx skills add sales-skills/sales. This resource originates from the same vendor ('sales-skills') as the skill itself.
  • [DATA_EXFILTRATION]: The skill processes sensitive information including CRM data and Qwilr API tokens. It mitigates credential exposure risks by explicitly instructing the user to use environment variables ($QWILR_TOKEN) rather than hardcoding secrets. It also logs operational knowledge to references/learnings.md.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because it ingests data from external sources (CRMs and webhooks) to populate document templates.
      • Ingestion points: External CRM fields (e.g., Salesforce, HubSpot) are mapped to Qwilr tokens, and webhook payloads are processed for automation triggers as described in SKILL.md and references/qwilr-api-reference.md.
      • Boundary markers: The skill does not define specific delimiters or instructions to ignore potential malicious content embedded within the CRM data before it is interpolated into the {{token}} placeholders.
      • Capability inventory: The skill is designed to perform network requests to the Qwilr API (api.qwilr.com) and perform local file writes to references/learnings.md.
      • Sanitization: There is no evidence of data sanitization or validation logic to filter potentially malicious instructions from the CRM or webhook inputs.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 17, 2026, 06:10 PM