setup-outreach-campaign
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses environment variables (SMARTLEAD_API_KEY) for authentication, which is the recommended practice for managing sensitive credentials.\n- [SAFE]: Network requests are restricted to the official Smartlead domain (server.smartlead.ai), aligning with the skill's stated purpose of managing outreach campaigns. Note that the service's API requires the API key in the URL query string, which is a potential exposure point in server logs.\n- [PROMPT_INJECTION]: Analysis of the indirect prompt injection attack surface:\n
- Ingestion points: The skill accepts lead data via CSV or JSON files (SKILL.md).\n
- Boundary markers: No explicit separators or 'ignore instructions' markers are defined for the agent during data processing.\n
- Capability inventory: The skill leverages the smartlead-api capability to perform authenticated web requests.\n
- Sanitization: The skill implements validation for email formats but lacks specific sanitization for malicious prompts within lead data fields.
Audit Metadata