email-finder
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's implementation aligns with its described purpose of email discovery without exhibiting malicious behavior.
- [EXTERNAL_DOWNLOADS]: The skill references and provides implementation examples for several well-known third-party APIs, including Hunter.io, Apollo.io, Snov.io, and Clearbit. These references are documented neutrally as they are central to the skill's intended functionality for data enrichment.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests HTML content from untrusted external domains during web scraping. 1. Ingestion points: The scrapeDomainForEmails function in references/full-guide.md fetches HTML content from user-specified domains. 2. Boundary markers: None are present in the provided scraping implementation. 3. Capability inventory: The skill uses network operations (fetch) and regular expression processing. 4. Sanitization: There is no sanitization of the scraped HTML, although the use of regex to extract specific email patterns provides a level of inherent filtering.
Audit Metadata