lead-qualification
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from the processed LinkedIn profile data. Malicious content within a lead's bio, headline, or experience section could attempt to manipulate the qualification result or the reasoning provided by the agent. (Ingestion points: lead data retrieved via Apify enrichment and web searches in SKILL.md and scripts/enrich_leads.py; Boundary markers: the qualification prompt templates do not include explicit delimiters or instructions to ignore embedded commands within lead data; Capability inventory: the skill can write to local CSV files and modify Google Sheets via Rube MCP; Sanitization: no evidence of sanitization or filtering of the enriched profile data before it is interpolated into the qualification prompt).
- [EXTERNAL_DOWNLOADS]: The enrichment script retrieves data from the well-known Apify API (api.apify.com) as part of the core qualification workflow.
- [COMMAND_EXECUTION]: The skill executes its own Python script, scripts/enrich_leads.py, to handle batch enrichment of LinkedIn profiles.
- [DATA_EXFILTRATION]: Input lead data (LinkedIn URLs) is transmitted to the third-party platform Apify for enrichment. This data transfer is intended and necessary for the functional purpose of the skill.
Audit Metadata