cold-email-outreach

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests untrusted lead data from the Supabase database to generate email content.
  • Ingestion points: Lead records retrieved from the people table in the Supabase database.
  • Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions embedded within lead data.
  • Capability inventory: Execution of Smartlead outreach tools via MCP, administrative database writes (POST/PATCH) to Supabase, and local file system writes for CSV generation.
  • Sanitization: No evidence of input validation or escaping for lead-provided fields is provided in the documentation.
  • [COMMAND_EXECUTION]: The skill documentation includes instructions for the agent to execute a local Python setup script (python3 tools/supabase/setup_database.py) to initialize the database environment.
  • [DATA_EXFILTRATION]: The skill reads user data from a private database and exports it to external outreach platforms (Smartlead) or local CSV files. This behavior is documented as the core functionality for campaign orchestration.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 01:07 PM