lead-enrichment
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The script scripts/enrich_lead.py accesses sensitive local configuration files, specifically ~/.env and ~/Documents/_projects/n8n-automations/.env, to retrieve API tokens.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it incorporates untrusted data from external web sources into its synthesis prompt without sanitization or boundary markers.
  - Ingestion points: scripts/enrich_lead.py fetches content from Google searches, LinkedIn profiles, and Perplexity research.
  - Boundary markers: Synthesis prompts do not utilize clear delimiters or instructions to ignore commands within the fetched data.
  - Capability inventory: The skill can perform network requests via aiohttp and update records in the Attio CRM.
  - Sanitization: No content filtering or validation is performed on data retrieved from external sources before it is passed to the LLM.
- [COMMAND_EXECUTION]: The skill workflow involves executing local Python scripts to coordinate API calls and validate enrichment data.
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from well-known services including Apify and OpenRouter, and sends data to the Attio CRM API.
Audit Metadata