sales-subredditsignals

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a local state management pattern by reading from and writing to references/learnings.md. This file is used to store and retrieve accumulated platform knowledge within the skill's own directory, which is a standard and safe practice for enhancing agent performance over time.
  • [COMMAND_EXECUTION]: The documentation includes a reference to an installation command npx skills add sales-skills/sales --skill sales-do. This is a vendor-provided command (author 'sales-skills' referencing their own 'sales' skill) intended for manual use by the user to expand their toolkit. It does not involve automated execution or untrusted sources.
  • [PROMPT_INJECTION]: The instructions require the agent to read the SKILL.md files of other skills before recommending them. This creates a surface for indirect prompt injection where instructions in a third-party skill file could influence the agent. However, in this context, it serves as a legitimate quality-control step for ensuring proper tool routing and does not present an immediate risk given the absence of dangerous capabilities in this skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:21 AM
Security Audit — agent-trust-hub — sales-subredditsignals