prospecting
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with numerous well-known technology and data services, including Apollo, ZoomInfo, Clay, Clearbit, Hunter, and Truelist. These references are used for legitimate business data enrichment and contact verification purposes.
- [COMMAND_EXECUTION]: Documents the use of a local CLI tool, tools/clis/github-prospects.js, specifically for processing GitHub repository metadata into lead lists.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection (Category 8) because it extracts and processes content from external websites via tools like Firecrawl and Browserbase.
  - Ingestion points: Content from prospect websites (e.g., About pages, team pages) in the Local SMB and SaaS branches.
  - Boundary markers: Absent; the instructions do not specify the use of delimiters or warnings to ignore instructions found within extracted web content.
  - Capability inventory: The skill can perform network requests to various APIs and execute local data-processing scripts.
  - Sanitization: No explicit sanitization or filtering of the extracted website content is described before the data is used to populate lead tables.