sales-veloxy
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions installation of supplementary tools via the
npxcommand (e.g.,npx skills add sales-skills/sales). These resources originate from the vendor's own GitHub organization and are used for extending the functionality of the sales toolkit. - [COMMAND_EXECUTION]: Provides instructions for the user to execute CLI commands to install related skills. These commands refer to official tools provided by the skill's author.
- [PROMPT_INJECTION]: The skill implements a persistent learning mechanism where it reads from
references/learnings.mdat the start of a session and appends new findings or tips discovered during the conversation to the same file. While this creates a surface for indirect prompt injection (where user-provided tips could influence future agent behavior), the risk is minimal and consistent with the skill's intended purpose of knowledge accumulation. - Ingestion points:
references/learnings.mdis read in Step 1 to gather context. - Boundary markers: None identified; the skill reads the file content directly as platform knowledge.
- Capability inventory: The agent is instructed to write to the file system using an append operation in Step 4.
- Sanitization: No explicit sanitization of user-provided tips is mentioned before appending to the knowledge file.
Audit Metadata