apollo-core-workflow-a

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements secure secret management by utilizing process.env.APOLLO_API_KEY for API authentication rather than hardcoding credentials.
  • [SAFE]: All network operations are targeted at official Apollo.io domains (api.apollo.io) for lead search and enrichment purposes.
  • [PROMPT_INJECTION]: The skill processes external data from Apollo.io (e.g., contact names, titles, and company details) and has access to powerful tools like Bash and Write. While this constitutes a potential surface for indirect prompt injection (Category 8), the risk is minimal given the structured nature of the data source and the absence of malicious intent.
      • Ingestion points: Response data from POST /mixed_people/api_search, POST /mixed_companies/search, and POST /people/match as defined in src/workflows/lead-search.ts, src/workflows/org-search.ts, and src/workflows/enrich.ts.
      • Boundary markers: Absent; the skill does not currently use specific delimiters to isolate external data in the prompt context.
      • Capability inventory: Access to Read, Write, Edit, Bash(npm:*), Bash(pip:*), and Grep tools.
      • Sanitization: The provided code snippets do not show explicit sanitization or filtering of the API data before use.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 25, 2026, 07:16 AM