sales-transync-ai

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to its use of untrusted user input in a persistent storage workflow.\n
  • Ingestion points: User inputs describing meeting translation needs are captured and processed.\n
  • Boundary markers: There are no explicit delimiters or instructions to treat data from the learnings.md file as untrusted when it is read back into the agent's context.\n
  • Capability inventory: The skill is instructed to read from and append new findings to references/learnings.md, creating a feedback loop where user-provided content can influence future agent behavior.\n
  • Sanitization: The skill lacks mechanisms for sanitizing or validating content before writing it to the local knowledge base.\n- [COMMAND_EXECUTION]: The skill documentation provides instructions for installing related tools through the command line.\n
  • Evidence: The 'Related skills' section lists several npx skills add commands for the sales-skills/sales repository to facilitate installation of complementary features.\n- [EXTERNAL_DOWNLOADS]: The skill references external resources for software installation and platform support.\n
  • Evidence: Links to official download paths and support contacts at transyncai.com are provided within the troubleshooting and setup sections.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:20 AM
Security Audit — agent-trust-hub — sales-transync-ai