lead-enrichment
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted user data is interpolated into command structures.
- Ingestion points: Lead information including first names, last names, company domains, and LinkedIn profiles are ingested and processed in
SKILL.md(Steps 1, 3, 4, and 5). - Boundary markers: Absent. The skill does not use delimiters or explicit instructions to the agent to ignore potentially malicious content within the lead data.
- Capability inventory: The agent utilizes the
orth runcommand to execute external tools and has read access to the localMEMORY.mdfile. - Sanitization: There is no evidence of input validation, escaping, or filtering of the lead data before it is used in shell arguments or JSON payloads.
- [COMMAND_EXECUTION]: The skill executes external enrichment tools (Hunter, Sixtyfour, Fiber) using the
orth runplatform command. These operations are consistent with the skill's stated purpose of lead enrichment and target well-known B2B data services. - [COMMAND_EXECUTION]: The skill instructs the agent to read
MEMORY.mdto establish project context, such as the Ideal Customer Profile (ICP), prior to performing enrichment tasks.
Audit Metadata