marketing-prospecting

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides detailed and legitimate instructions for marketing research workflows across three distinct business branches (SaaS, B2B, and Local SMB). It incorporates extensive compliance documentation regarding data privacy and platform terms of service.\n- [COMMAND_EXECUTION]: The skill mentions executing a local utility script (node tools/clis/github-prospects.js) for processing GitHub stargazers and forks. This is used for data enrichment within the scope of public repository research and does not represent an escalation of privilege.\n- [EXTERNAL_DOWNLOADS]: The instructions reference several well-known and trusted technology services (e.g., Apollo, ZoomInfo, Clearbit, GitHub, Crunchbase) for data discovery and enrichment. These references are used for standard research activity and do not involve the execution of untrusted remote code.\n- [PROMPT_INJECTION]: The skill ingests data from external business websites through tools such as Firecrawl and Browserbase. This creates an indirect prompt injection surface where third-party content enters the agent's context. Boundary markers for this data are not explicitly defined in the instructions. Capability inventory includes network operations via established marketing APIs and local file system writes for CSV generation. No explicit sanitization or filtering of external data is documented in the instructions, but the skill advises manual verification and compliance as safeguards.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:26 PM
Security Audit — agent-trust-hub — marketing-prospecting