cold-email-verifier

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/email_verifier.py uses subprocess.run to call the check_if_email_exists CLI tool when in reacher-cli mode. The inputs for this command (names and domains) are sanitized using regular expressions (re.sub(r"[^\w\s]", "", ...)) before being passed as arguments in a list, mitigating command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to autocomplete.clearbit.com for company domain resolution and validemail.co for email validation. These are standard operations for the skill's stated purpose of email enrichment and verification.
  • [DATA_EXFILTRATION]: While the skill sends email permutations to external APIs, this is the intended core functionality. The script does not access sensitive system files or environment variables beyond the required VALIDEMAIL_API_KEY provided by the user.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external CSV files. While this creates a potential surface for indirect prompt injection if the agent were to interpret cell contents as instructions, the primary processing is handled via a Python script that treats inputs as data strings and applies sanitization filters.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 05:49 PM