cold-email-outreach
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to how it handles external data ingestion.
- Ingestion points: The skill reads lead data from user-provided CSV files, pasted text, and external database queries during Phase 1 (Lead Ingestion).
- Boundary markers: There are no explicit instructions or delimiters defined to ensure the agent ignores or treats content within these data sources as non-instructional text.
- Capability inventory: The skill utilizes network-capable tools (Smartlead MCP) and has the ability to write files to the local filesystem (CSV generation in Phase 4).
- Sanitization: The instructions do not specify any sanitization or filtering of the lead data beyond basic email format validation, allowing potentially malicious instructions in names or company fields to be processed.
Audit Metadata