lead-intelligence

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface across multiple agents. The pipeline ingests untrusted data from external sources including X (tweets and bios), LinkedIn profiles, and general web search results via Exa. This data is used to calculate scores and generate personalized outreach messages.
      • Ingestion points: signal-scorer.md and enrichment-agent.md use WebSearch and WebFetch tools to retrieve lead information.
      • Capability inventory: The agents have access to Bash, Read, and network operations (WebFetch).
      • Sanitization: There are no explicit instructions for the agents to sanitize or ignore embedded instructions within the fetched data, creating a risk that malicious profile content could influence agent behavior or outreach content.
  • [COMMAND_EXECUTION]: Several agents (signal-scorer, mutual-mapper, enrichment-agent) are granted access to the Bash tool. The instructions provided for these agents are benign and focused on data processing and ranking, but the tool provides a significant capability surface that requires trust in the agent's logic to prevent unintended command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 07:14 PM