smartlead-campaign-upload-public

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill adheres to secure practices by retrieving the required Smartlead API key from an environment variable (SMARTLEAD_API_KEY) instead of using hardcoded secrets.
  • [DATA_EXFILTRATION]: Local lead and variant data are transmitted exclusively to the official Smartlead API domain (server.smartlead.ai). The script implements a strict allowlist for CSV columns (e.g., email, first_name, last_name) to prevent the accidental upload of sensitive PII not required for the campaign.
  • [EXTERNAL_DOWNLOADS]: Network operations are limited to authenticated communication with the Smartlead platform to perform campaign management tasks like creating sequences and uploading leads.
  • [COMMAND_EXECUTION]: The script performs standard file system read operations for configuration and data files. It does not use any high-risk command execution patterns, privilege escalation, or persistence mechanisms.
  • [SAFE]: The skill includes built-in safety measures, such as forcing campaign creation into 'DRAFT' mode, which necessitates human verification in the Smartlead UI before any emails are actually sent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 10:21 AM