crm-prospect-mining

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from CRM records, emails, and meeting transcripts without explicit sanitization or boundary markers.
      ◦ Ingestion points: CRM fields (notes, descriptions), email bodies, and meeting transcripts (SKILL.md, agents/comms-summarizer.md).
      ◦ Boundary markers: Absent; the instructions do not require the agent to wrap untrusted content in protective delimiters.
      ◦ Capability inventory: The agent can execute Python scripts, perform network requests via Apify and WebSearch, and write to the local filesystem (SKILL.md).
      ◦ Sanitization: Absent; no validation or filtering of ingested text is performed before it is processed by the LLM.
  • [COMMAND_EXECUTION]: The skill utilizes dynamic execution by instructing the agent to generate and run Python scripts for filtering email domains and merging datasets (SKILL.md). While a common pattern for data processing, it involves executing code generated at runtime based on ingested data.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the Apify platform to run the "scrapeverse/linkedin-company-profile-scraper-pay-per-event" actor. While Apify is a well-known service, the skill relies on a third-party actor to perform its core functionality.
  • [DATA_EXFILTRATION]: The skill transmits company LinkedIn URLs to the external Apify platform for scraping purposes. While necessary for the skill's stated function, it constitutes an external data transfer of information derived from the user's CRM.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 03:09 AM