scrape-leads
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection in the lead classification workflow.
- Ingestion points: Data is ingested in scripts/classify_leads_llm.py (line 104) from a JSON file containing content scraped from external websites via Apify (e.g., company names, descriptions, and keywords).
- Boundary markers: None. The script uses a standard Python .format() method to interpolate raw scraped data directly into the system-like prompt template at line 31.
- Capability inventory: The script uses the LLM's classification result to filter leads, which are subsequently written to a file and uploaded to a Google Sheet via scripts/update_sheet.py. While it does not directly execute system commands based on the LLM output, it allows untrusted external content to influence the agent's data processing logic.
- Sanitization: There is no evidence of validation, escaping, or sanitization of the scraped strings before they are interpolated into the prompt template.
Audit Metadata