cold-email-starter-kit

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates interaction with several third-party service providers via their official APIs. These include domain registration (Dynadot), email hosting (Zapmail), lead sourcing (Prospeo), and campaign management (Smartlead and Instantly). It also uses OpenRouter for AI-driven enrichment and RapidAPI for news and social data.
  • [COMMAND_EXECUTION]: The toolkit provides a series of automation scripts for the Node.js environment. These scripts manage the full lifecycle of a cold email campaign, from domain generation and bulk purchasing to lead list exportation and campaign activation.
  • [DATA_EXFILTRATION]: As part of its intended functionality, the skill reads API keys from a local .env file and transmits them to the authorized endpoints of the service providers. It also transfers lead data from CSV files to external platforms for enrichment and sending.
  • [PROMPT_INJECTION]: The ai-company-analysis.ts script presents an indirect prompt injection surface: it interpolates data from lead CSV files directly into LLM prompts sent to OpenRouter. A lead entry containing malicious text could therefore manipulate the model's instructions.
    • Ingestion points: Lead data is read from CSV files like leads.csv and used by multiple scripts.
    • Boundary markers: No explicit delimiters are used to separate lead-derived variables from instructions in the LLM prompt templates.
    • Capability inventory: The skill uses network operations for API interaction, file-system access for credential and data management, and script execution for process automation.
    • Sanitization: Lead data is not sanitized or escaped before being used in prompt interpolation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 03:36 PM