sales-proposal-analytics
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary function is to interpret sales signals and provide strategic advice, which aligns with its stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing additional components from the same vendor using `npx skills add sales-skills/sales`. This is documented as a standard vendor resource and does not present a security risk.
- [DATA_EXFILTRATION]: A sample `curl` command is provided for configuring webhooks with the official Qwilr API (api.qwilr.com). It correctly uses a variable placeholder for authentication tokens, following security best practices for documentation.
- [PROMPT_INJECTION]: The skill processes user-provided engagement signals (ingested via argument-hint in SKILL.md), creating a surface for indirect prompt injection. Boundary markers and sanitization are absent, but the skill lacks risky capabilities like subprocess calls or file-writes across its files, making the risk minimal.
Audit Metadata