funding-signal-outreach
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from web searches and third-party APIs (funding news, contact details) to qualify leads and draft emails, creating a surface for indirect prompt injection.
- Ingestion points: External data enters the context via web search results for funding signals and third-party API responses for company enrichment and contact discovery.
- Boundary markers: The instructions do not define delimiters or specific 'ignore' instructions for the external data processed in reasoning steps.
- Capability inventory: The skill utilizes web-search, file system access (read/write for local configuration and CSV files), and email drafting capabilities.
- Sanitization: No explicit sanitization or validation of external content is described before it is used in LLM reasoning or email generation steps.
- [DATA_EXFILTRATION]: The skill performs network operations to various third-party services including Apollo, Crunchbase, Clearbit, Smartlead, and Instantly to detect signals and discover contacts. It manages sensitive information, including API keys for these services, by storing them in local configuration files (e.g.,
clients/<client-name>/config/signal-outreach.json).
Audit Metadata