Apollo Automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH

Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from the Apollo.io database through search tools and can modify state via APOLLO_CREATE_CONTACT and APOLLO_UPDATE_CONTACT_STAGE. Maliciously crafted lead records could influence the agent into performing unauthorized actions or updates. Evidence: data enters via APOLLO_PEOPLE_SEARCH and APOLLO_ORGANIZATION_SEARCH; boundary markers and sanitization are absent; capabilities include database write operations.
  • [DATA_EXFILTRATION] (MEDIUM): Enrichment tools such as APOLLO_PEOPLE_ENRICHMENT use a webhook_url parameter to deliver sensitive PII like phone numbers. If an attacker can manipulate the prompt to provide a malicious URL, sensitive prospect data can be exfiltrated.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to an external MCP server at https://rube.app/mcp. This domain is not among the recognized trusted sources, posing a supply chain risk through unverified third-party infrastructure.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:37 AM