smartlead-api
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves exclusively as a documentation and pattern reference for the Smartlead API. It contains no executable scripts or active operational logic.\n- [EXTERNAL_DOWNLOADS]: The documentation mentions the @smartlead/cli Node.js package. This is a legitimate utility associated with the well-known service being documented and does not represent a security risk.\n- [PROMPT_INJECTION]: The skill defines patterns for processing untrusted external data, which identifies an indirect prompt injection attack surface.\n
- Ingestion points: Lead data and sequence bodies described in SKILL.md (via API and CSV patterns).\n
- Boundary markers: No explicit delimiters for data-instruction separation are provided in the reference patterns.\n
- Capability inventory: Documents the use of network-enabled tools (fetch, CLI) to manage email accounts and outreach campaigns.\n
- Sanitization: No input validation or content sanitization steps are defined in the reference code snippets.
Audit Metadata