sales-request-skill
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
gitand the GitHub CLI (gh) to perform repository management tasks, including creating branches, committing changes, and opening pull requests or issues. These operations are necessary for the skill's primary function of automating project contributions. - [DATA_EXFILTRATION]: The skill transmits information to GitHub when creating issues and pull requests on the
sales-skills/salesrepository. This is an intended feature of the skill to communicate requests and code to the maintainers. - [COMMAND_EXECUTION]: Accesses the local file system to read installed skill paths (e.g.,
~/.claude/skills/) and write new skill files. This access is scoped to the management of AI agent skills. - [PROMPT_INJECTION]: The skill processes untrusted user input from
$ARGUMENTSand interpolates it into skill descriptions and GitHub issue bodies, creating a surface for indirect prompt injection. - Ingestion points: User-provided descriptions of desired capabilities in
SKILL.md. - Boundary markers: The skill uses shell heredocs (
EOF) to separate user-provided text within CLI commands, providing some structural isolation. - Capability inventory: The skill has the ability to write files, execute shell commands (
git,gh), and interact with the network (viagh). - Sanitization: There is no evidence of explicit sanitization or validation of the user-provided input before it is used to generate content or submitted to external platforms.
Audit Metadata