lead-enrichment
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data from external sources (LinkedIn, web searches, and company websites) to update a CRM database (v_leads). This creates an attack surface where an external actor could influence the agent's actions through malicious content embedded in the scraped data.\n
- Ingestion points: External content is fetched via web_search, web_fetch, and the linkedin-scraper skill (SKILL.md).\n
- Boundary markers: Absent; the enrichment pipeline does not use delimiters or instructions to ignore potential commands within the fetched external content.\n
- Capability inventory: The skill executes SQL UPDATE commands on the v_leads table based on the results of the enrichment (SKILL.md).\n
- Sanitization: There is no evidence of sanitization, validation, or escaping of the strings retrieved from the web before they are used in SQL updates or further processing steps.
Audit Metadata