Skills
skills/athina-ai/goose-skills/cold-email-outreach/Gen Agent Trust Hub

cold-email-outreach

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documentation in SKILL.md provides instructions for the user to execute local Python scripts for database initialization, such as python3 tools/supabase/setup_database.py.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted lead data from an external database.
  • Ingestion points: Data is retrieved from the Supabase people table via the SupabaseClient defined in the Phase 1 section of SKILL.md.
  • Boundary markers: There are no explicit delimiters or protective instructions provided when lead data is passed to the email-drafting skill for email personalization.
  • Capability inventory: The skill possesses the capability to write CSV files to the local output/ directory and activate email campaigns through Smartlead MCP tools.
  • Sanitization: No sanitization, validation, or escaping of the retrieved lead data is performed before it is interpolated into prompts for generating email content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:02 PM