anysite-lead-generation

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external, untrusted sources such as LinkedIn profiles and company websites.
      • Ingestion points: Untrusted data enters the agent context through tools like mcp__anysite__parse_webpage (scraping arbitrary URLs) and mcp__anysite__get_linkedin_profile (fetching profile content).
      • Boundary markers: The instructions do not specify the use of delimiters or warnings to the model to ignore embedded instructions within the fetched data.
      • Capability inventory: The skill uses tools for web searching, profile enrichment, email discovery, and website parsing across SKILL.md, LINKEDIN_STRATEGIES.md, and WEB_SCRAPING.md.
      • Sanitization: There is no evidence of sanitization or filtering of the external content before it is processed by the AI agent.
  • [DATA_EXFILTRATION]: The primary function of this skill is the automated collection and extraction of lead data (names, emails, work history) from public or semi-public sources. While this is the intended B2B use case, users should be aware that the skill is designed to move this information into the chat context or export it to CSV/JSON formats.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes several tools (mcp__anysite__parse_webpage, mcp__anysite__get_sitemap, etc.) that perform network requests to external domains and third-party databases to retrieve lead information.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 02:06 PM