sales-typeform

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill documents authentication methods (Personal Access Tokens and OAuth) but correctly uses placeholders like '{your_token}' in examples, ensuring no real credentials are exposed.
  • [EXTERNAL_DOWNLOADS]: Mentions official and well-known packages such as '@typeform/api-client' and '@typeform/embed' for legitimate platform integration, which are recognized as trusted resources.
  • [COMMAND_EXECUTION]: Mentions the use of 'npx skills add' for installing related tools from the same vendor ('sales-skills'), which is consistent with the skill's purpose as a platform guide.
  • [PROMPT_INJECTION]: The skill implements a self-improving knowledge loop by instructing the agent to append new findings to 'references/learnings.md'. Ingestion points: User-provided questions and API responses processed by the agent. Boundary markers: Absent. Capability inventory: Instructions for file read/append. Sanitization: Not explicitly defined. This creates an architectural surface for indirect prompt injection, but it is a standard feature for this class of skill and lacks evidence of malicious intent or immediate exploitability.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:36 PM
Security Audit — agent-trust-hub — sales-typeform