lead-qualification
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the Apify API (api.apify.com) to perform batch lead enrichment. Apify is a well-known service for data extraction. The connection uses the official API and is documented as the primary method for gathering lead data.
- [COMMAND_EXECUTION]: Executes a bundled Python script (
enrich_leads.py) to manage the interaction with the Apify API, handle local data caching, and process CSV files. The script uses standard libraries and follows expected data processing patterns. - [DATA_EXFILTRATION]: Transmits LinkedIn URLs provided by the user to the external Apify platform. This is the intended and documented function of the skill, and no sensitive system files or host credentials are accessed or transmitted.
- [INDIRECT_PROMPT_INJECTION]: The skill processes third-party data from LinkedIn profiles, which presents a surface for indirect prompt injection. \n
- Ingestion points: Enriched lead data is ingested from CSV files or web search results into the agent context in SKILL.md Step 3. \n
- Boundary markers: The skill uses a structured 'Qualification Prompt' format to scope the agent's evaluation, though it does not implement explicit 'ignore embedded instructions' delimiters for the lead bio content itself. \n
- Capability inventory: The agent has access to the Task tool for parallelization, file read/write for CSV handling, and Rube MCP for Google Sheets operations. \n
- Sanitization: No explicit sanitization or content filtering is performed on the raw profile data before LLM processing.
Audit Metadata