email-search
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires the use of an API token for the Extruct platform (EXTRUCT_API_TOKEN) and prompts the user to provide credentials for third-party enrichment services like Fullenrich and Prospeo.
- [COMMAND_EXECUTION]: Shell commands are used to verify the presence of environment variables before proceeding with tasks.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to external APIs for data enrichment and retrieves documentation from third-party provider domains (fullenrich.com and prospeo.io) to learn service schemas.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists because the agent is instructed to fetch and process external data, including provider API documentation and contact information from tables and CSV files.
  - Ingestion points: External API documentation URLs, Extruct data tables, and local CSV files.
  - Boundary markers: The skill does not implement delimiters or explicit instructions to ignore commands embedded within the processed data.
  - Capability inventory: The agent has the ability to perform network requests to external APIs and write data to local files.
  - Sanitization: No prompt-level sanitization is performed on the data fetched from external sources before processing.
Audit Metadata