inbound-lead-enrichment
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious code, obfuscation, or unauthorized data access patterns were identified. The skill's behavior is consistent with its stated goal of enriching sales leads.
- [EXTERNAL_DOWNLOADS]: The skill integrates with well-known business services and APIs, including Apollo, Crunchbase, Apify, HubSpot, Salesforce, and Supabase (a trusted vendor) to gather and sync lead data.
- [PROMPT_INJECTION]: As the skill ingests external content from web searches and LinkedIn profiles, it possesses a surface for indirect prompt injection.
- Ingestion points: Data from web searches (Step 2) and LinkedIn scraper results (Step 3) are incorporated into lead profiles.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the processed external data.
- Capability inventory: The skill includes file system access (via the Read/Write tool) and the ability to interact with CRM platforms.
- Sanitization: No specific sanitization or validation logic is defined for the content retrieved from external sources.
Audit Metadata