lead-intelligence
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection.
  * Ingestion points: The enrichment-agent and signal-scorer agents ingest untrusted data from external sources including X posts, LinkedIn profiles, and web search results via Exa.
  * Boundary markers: There are no explicit instructions or delimiters defined to prevent the model from obeying instructions that may be embedded in the ingested content.
  * Capability inventory: The agents have access to the Bash, WebSearch, and WebFetch tools.
  * Sanitization: The skill lacks a sanitization layer to filter or escape instructions found in the external data before it is processed by the outreach-drafter.
- [COMMAND_EXECUTION]: The enrichment-agent, mutual-mapper, and signal-scorer are configured with access to the Bash tool. While the current instructions utilize Bash for standard data processing, the combination of shell access and the ingestion of potentially malicious external content increases the risk profile of the skill.
Audit Metadata