champion-move-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it ingests untrusted data from the web to synthesize outreach messages.
- Ingestion points: Data is collected from external sources including LinkedIn profiles, Apollo, and general web searches during the detection (Step 1) and research (Step 2) phases.
- Boundary markers: The drafting process in Step 4 lacks explicit boundary markers or system instructions to ignore potential commands embedded within the retrieved prospect data or company descriptions.
- Capability inventory: The skill has access to
web-search,contact-finding, andemail-draftingcapabilities, and connects to external outreach skills. - Sanitization: There is no mention of sanitizing or filtering external content before it is used as context for the LLM to generate personalized outreach sequences.
Audit Metadata