sales-sideprojectors
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a self-improving loop by reading from and writing to references/learnings.md. This creates a surface for indirect prompt injection where user-influenced data could persist across sessions. However, the risk is minimal as the agent lacks tools for command execution or network access. Evidence: 1. Ingestion points: references/learnings.md. 2. Boundary markers: Absent. 3. Capability inventory: None (informational only). 4. Sanitization: Absent.
- [REMOTE_CODE_EXECUTION]: The documentation contains an npx command to install related skills from the author sales-skills. This is a standard vendor-provided resource for expanding the agent's capabilities and does not involve unauthorized remote code execution.
Audit Metadata