Skills
skills/shipshitdev/library/email-finder/Gen Agent Trust Hub

email-finder

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network operations to external domains including hunter.io, apollo.io, snov.io, and clearbit.com to retrieve contact information using provided API keys.
  • [DATA_EXFILTRATION]: The implementation in references/full-guide.md executes web scraping on user-specified domains to extract email addresses from publicly available content.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its web scraping functionality.
  • Ingestion points: Web content retrieved via the scrapeDomainForEmails function in references/full-guide.md is directly processed and returned to the agent context.
  • Boundary markers: Absent; there are no delimiters or instructions provided to the agent to disregard potential commands found within the scraped HTML content.
  • Capability inventory: The skill utilizes fetch for external network requests and scraping, and performs DNS resolution via dns.resolveMx.
  • Sanitization: Absent; the skill extracts data using regular expressions but does not validate or sanitize the content for malicious instructions before passing it to the agent.
  • [EXTERNAL_DOWNLOADS]: The documentation in references/full-guide.md specifies a dependency on the python-whois package for domain registration lookups.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 22, 2026, 07:31 AM