sales-transync-ai
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its use of untrusted user input in a persistent storage workflow.\n
- Ingestion points: User inputs describing meeting translation needs are captured and processed.\n
- Boundary markers: There are no explicit delimiters or instructions to treat data from the
learnings.mdfile as untrusted when it is read back into the agent's context.\n - Capability inventory: The skill is instructed to read from and append new findings to
references/learnings.md, creating a feedback loop where user-provided content can influence future agent behavior.\n - Sanitization: The skill lacks mechanisms for sanitizing or validating content before writing it to the local knowledge base.\n- [COMMAND_EXECUTION]: The skill documentation provides instructions for installing related tools through the command line.\n
- Evidence: The 'Related skills' section lists several
npx skills addcommands for thesales-skills/salesrepository to facilitate installation of complementary features.\n- [EXTERNAL_DOWNLOADS]: The skill references external resources for software installation and platform support.\n - Evidence: Links to official download paths and support contacts at
transyncai.comare provided within the troubleshooting and setup sections.
Audit Metadata