B2B SDR Agent

Customers or leads may believe they are interacting with a human representative, creating consent, compliance, and reputation risks for the business using the skill.

The skill's customer-facing behavior explicitly instructs the AI not to reveal that it is AI and to present as a sales consultant, which can mislead external recipients.

If configured broadly, the agent could send messages, follow-ups, quotes, or sales commitments to real leads without enough operator review.

The skill is designed to perform end-to-end external sales activity across messaging and email channels; the top-level instructions do not clearly require per-message or per-deal human approval.

Customer PII, budgets, objections, quotes, and commitments may be retained and reused across sessions; malicious or accidental instructions captured in memory could steer later conversations.

The design stores customer conversation data every turn and later injects memory into the system prompt, which can expose sensitive customer/business data and allow untrusted customer text to influence future behavior if not sanitized.

The agent may keep processing conversations, updating memory, and triggering workflows in the background after initial setup.

The documented hooks and cron behavior are disclosed and purpose-aligned, but they create continuing background activity beyond a single user-invoked task.

Misconfigured or overprivileged keys could let the agent access messaging accounts, model accounts, or deployment infrastructure more broadly than intended.

The skill expects operational credentials for servers, AI providers, and communication channels. This is expected for an SDR integration, but the registry metadata declares no required credentials.

Running deployment scripts may modify a server and install or upload code that affects agent behavior.

The deployment flow can install dependencies and change the skill set on a target server. This is relevant to the stated deployment purpose, but it expands the trust boundary.