outreach-sequencer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Persistence (HIGH): The skill configures a recurring cron job for automated execution. It schedules periodic 'agentTurn' actions that query a database and trigger message delivery via browser automation and CLI tools without manual intervention.
- Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection through its personalization engine.
  - Ingestion points: Lead profile data (e.g., name, company, trigger) is pulled from the 'v_leads' DuckDB view.
  - Boundary markers: Absent. Profile data is directly interpolated into message templates using variables like {personalized_body}.
  - Capability inventory: Access to 'gog' CLI (email) and browser automation (LinkedIn messaging).
  - Sanitization: No evidence of sanitization or safety filtering exists for the external data before it is used in command arguments.
- Command Execution (MEDIUM): The skill executes the 'gog' CLI tool with arguments derived from potentially untrusted database content. Malicious content in the database could lead to command argument injection.
- Data Exfiltration (LOW): The skill is designed to read PII from a local database and transmit it to external third-party platforms (LinkedIn and Gmail).
Recommendations
- AI detected serious security threats
Audit Metadata