heyreach
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill reads and writes to a local .env file to manage the HEYREACH_API_KEY and communicates with api.heyreach.io. Although .env is a sensitive path and the domain is not whitelisted, these actions are essential for the skill's primary purpose and are limited to the specific API key required for the service.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the HeyReach API, including LinkedIn profile information and conversation messages. Evidence Chain: (1) Ingestion points: get_leads.py and get_conversations.py. (2) Boundary markers: Absent. (3) Capability inventory: File read/write to .env and network operations via the requests library. (4) Sanitization: External data is printed or returned as JSON without explicit filters for malicious prompt content.
- [Unverifiable Dependencies] (LOW): The configuration script identifies if the 'requests' library is missing and may prompt the agent to install it. While 'requests' is a trusted package, it is a third-party dependency installed from a remote registry.
- [Command Execution] (SAFE): The skill uses localized Python scripts that handle arguments via the argparse library. No evidence of unsafe shell command construction or dynamic code evaluation (eval/exec) was found.
Audit Metadata