lead-enrichment

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted user data is interpolated into command structures.
      • Ingestion points: Lead information, including first names, last names, company domains, and LinkedIn profiles, is ingested and processed in SKILL.md (Steps 1, 3, 4, and 5).
      • Boundary markers: Absent. The skill uses neither delimiters nor explicit instructions telling the agent to ignore potentially malicious content within the lead data.
      • Capability inventory: The agent uses the orth run command to execute external tools and has read access to the local MEMORY.md file.
      • Sanitization: There is no evidence of input validation, escaping, or filtering of the lead data before it is used in shell arguments or JSON payloads.
  • [COMMAND_EXECUTION]: The skill executes external enrichment tools (Hunter, Sixtyfour, Fiber) using the orth run platform command. These operations are consistent with the skill's stated purpose of lead enrichment and target well-known B2B data services.
  • [COMMAND_EXECUTION]: The skill instructs the agent to read MEMORY.md to establish project context, such as the Ideal Customer Profile (ICP), prior to performing enrichment tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 22, 2026, 04:55 AM