linkedin-outreach
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through lead signal data.
- Ingestion points: Lead metadata fields from Supabase, such as 'comment_snippet', 'post_topic', and 'job_posting_detail', are used in message generation prompts (SKILL.md, Phase 3).
- Boundary markers: No specific delimiters or instructions are provided to isolate untrusted data from the instruction set.
- Capability inventory: The skill interacts with the Supabase API to read/write lead data and logs, and writes CSV files to the local file system (SKILL.md, Phase 4, Phase 6).
- Sanitization: No sanitization or validation is performed on the ingested lead data before it is merged into sequence templates.
Audit Metadata