sales-veloxy

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill mentions installation of supplementary tools via the npx command (e.g., npx skills add sales-skills/sales). These resources originate from the vendor's own GitHub organization and are used for extending the functionality of the sales toolkit.
  • [COMMAND_EXECUTION]: Provides instructions for the user to execute CLI commands to install related skills. These commands refer to official tools provided by the skill's author.
  • [PROMPT_INJECTION]: The skill implements a persistent learning mechanism where it reads from references/learnings.md at the start of a session and appends new findings or tips discovered during the conversation to the same file. While this creates a surface for indirect prompt injection (where user-provided tips could influence future agent behavior), the risk is minimal and consistent with the skill's intended purpose of knowledge accumulation.
  • Ingestion points: references/learnings.md is read in Step 1 to gather context.
  • Boundary markers: None identified; the skill reads the file content directly as platform knowledge.
  • Capability inventory: The agent is instructed to write to the file system using an append operation in Step 4.
  • Sanitization: No explicit sanitization of user-provided tips is mentioned before appending to the knowledge file.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 05:42 PM
Security Audit — agent-trust-hub — sales-veloxy