sales-workato
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill implements a persistent knowledge mechanism by reading from and writing to
references/learnings.md. This creates a surface where information gathered during an interaction can influence future sessions. - Ingestion points: The file
references/learnings.mdis read at the start of each invocation; new insights are gathered during the conversation (Step 4). - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat data in
learnings.mdas untrusted content. - Capability inventory: The skill uses file-read and file-append operations on
references/learnings.mdandreferences/platform-guide.md. - Sanitization: There is no explicit sanitization or validation logic described for the content being appended to the learnings file.
- [EXTERNAL_DOWNLOADS]: The skill refers to the official Workato GitHub repository (
https://github.com/workato) for source code and reference materials. This is a well-known service associated with the primary vendor. - [COMMAND_EXECUTION]: The documentation mentions an installation command (
npx skills add sales-skills/sales --skill sales-do) for related tools. This is a standard installation procedure for vendor-provided skills and is intended for user execution.
Audit Metadata