heyreach-master
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill ingests untrusted data from the HeyReach API (e.g., campaign names, lead details) via heyreach_client.py.
  - Boundary markers: There are no boundary markers or instructions to ignore embedded commands in the data retrieved from the API.
  - Capability inventory: The agent is instructed to execute local scripts (check_heyreach_config.py) and write user-provided input directly to the .env file.
  - Sanitization: No sanitization or validation of the API data or user-provided credentials is required by the instructions.
- CREDENTIALS_UNSAFE (MEDIUM): The skill explicitly handles sensitive API keys and instructs the AI to write them directly to a .env file. While this is functional for setup, the lack of input validation or secure storage mechanisms poses a risk of credential exposure or file corruption if the process is manipulated.
- COMMAND_EXECUTION (MEDIUM): The skill requires the agent to execute local Python scripts (python check_heyreach_config.py). While these are internal scripts, their execution in a context where external data is also being processed elevates the risk of exploitation via injection.
Recommendations
- AI detected serious security threats
Audit Metadata