tam-builder

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implementation is transparent and follows its stated purpose. No malicious obfuscation, exfiltration patterns, or persistence mechanisms were detected. All external service interactions (Apollo, SixtyFour, and Supabase) are necessary for the skill's functionality.
  • [PROMPT_INJECTION]: No override instructions or safety bypasses were found in the skill metadata or scripts. The instructions in SKILL.md specifically direct the agent to wait for human approval before database writes, which acts as a defense against accidental data corruption or unexpected behavior.
  • [COMMAND_EXECUTION]: The skill is composed of several Python scripts intended for CLI usage. These scripts handle structured data and do not incorporate unsafe sinks for arbitrary command execution. Command-line flags are used correctly for feature control (e.g., --dry-run, --sample).
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the Apollo and SixtyFour APIs for data retrieval and enrichment. These interactions are standard for the lead-generation use case and use specialized client tools provided in the local environment. There are no downloads from unknown or untrusted remote servers.
  • [SAFE]: [Indirect Prompt Injection Surface Evaluation]
      • Ingestion points: Data retrieved from Apollo and SixtyFour APIs (processed in tam_builder.py and recover_sixtyfour_people.py).
      • Boundary markers: Data is handled as structured JSON and mapped to specific database columns; the logic treats input as data fields rather than instructions.
      • Capability inventory: Database CRUD operations on Supabase and network requests to lead providers.
      • Sanitization: Data is normalized to the target schema. While the content itself is not sanitized for prompt characters, the risk is negligible as the data is not re-interpreted as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 06:03 PM