sales-read-ai

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface via a self-modifying feedback loop.
  • Ingestion points: The agent is instructed to read references/learnings.md at the start of Step 1 in SKILL.md to gather context from previous interactions.
  • Boundary markers: There are no boundary markers or instructions to treat the content of references/learnings.md as untrusted data.
  • Capability inventory: The agent is directed to append new "gotchas, workarounds, or tips" to references/learnings.md in Step 4, enabling the persistence of content from the current conversation into the persistent storage file.
  • Sanitization: No sanitization or validation of the data being written to or read from the learnings file is implemented.
  • [COMMAND_EXECUTION]: The skill provides several shell commands for installing related extensions.
  • Evidence: SKILL.md includes commands like npx skills add sales-skills/sales --skill sales-note-taker -a claude-code -y.
  • Context: These commands facilitate the installation of additional skills from the same author repository.
  • [EXTERNAL_DOWNLOADS]: The skill references multiple external endpoints for the Read.ai platform and automation services.
  • Endpoints: Documentation points to https://api.read.ai/mcp/ for MCP server access, https://api.read.ai/ for REST API access, and integrations with Zapier and n8n.
  • Context: These are legitimate endpoints for the primary service the skill is designed to support.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:35 PM
Security Audit — agent-trust-hub — sales-read-ai