The Agent Skills Directory

[SAFE]: Secret management follows best practices by requiring API keys (SMARTLEAD_API_KEY, PROSPEO_API_KEY, MILLIONVERIFIER_API_KEY) to be provided via the environment rather than being hardcoded.
[SAFE]: The skill interacts with reputable, well-known business services for its primary operations, including Prospeo for lead discovery and Smartlead for campaign management.
[SAFE]: Input sanitization is performed in scripts/phase-scrape.ts, where the stripHtml function removes potentially dangerous tags like <script> and <style> from scraped website content before it is analyzed by the AI.
[SAFE]: Network operations are scoped to the intended functionality of scraping target domains for company information and communicating with official service APIs.
[PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes untrusted data from external websites (scraped in Phase 1) and lead data (from Prospeo in Phase 3). However, the risk is mitigated by the modular orchestration and the automated stripping of executable HTML elements from the scraped data.

auto-research-public