get-qualified-leads-from-luma
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from untrusted event data.
  * Ingestion points: Attendee biographies and profile metadata are scraped from Luma events in Step 1.
  * Boundary markers: Step 3 qualifications lack explicit delimiters or instructions to ignore embedded commands within the ingested text.
  * Capability inventory: Subprocess execution of Python scripts, file system writes to /tmp, and network access to Slack webhooks.
  * Sanitization: No sanitization or escaping of scraped data is performed before it is passed to the qualification subagents.
- [DATA_EXFILTRATION]: Extracted lead data is transmitted to an external endpoint.
  * Evidence: Step 5 utilizes Python's urllib.request to POST attendee names, bios, and LinkedIn URLs to a user-provided Slack webhook URL.
- [COMMAND_EXECUTION]: The skill executes local Python scripts to handle search and data extraction.
  * Evidence: Step 1 invokes 'python3' to run 'scrape_event.py' located within a dependent skill directory.