apollo-lead-finder
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to the official Apollo API (
api.apollo.io) and an author-managed proxy (api.gooseworks.ai) to perform lead searches and data enrichment. These destinations are necessary for the skill's documented functionality. - [DATA_EXFILTRATION]: Retrieves lead information such as names, titles, and contact details (PII) from Apollo. The skill is designed to present this data to the user and supports saving results to local CSV files only after explicit user approval is granted.
- [PROMPT_INJECTION]: The skill processes third-party data from the Apollo API, which represents an indirect prompt injection surface.
- Ingestion points: Data enters the environment via the Apollo API response processed in
scripts/apollo_client.py. - Boundary markers: None explicitly implemented in the agent instructions to isolate lead data.
- Capability inventory: The agent can perform file writes (CSV export) and network requests to the Apollo API.
- Sanitization: External lead data is processed and presented to the agent without specific sanitization of characters that could influence model behavior.
Audit Metadata