sdr-bdr-automation
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection due to its data processing pipeline.
- Ingestion points: Untrusted data enters the system through various Apify scrapers targeting LinkedIn profiles, Google Maps, and general web content (found in Step 1 and Step 2).
- Boundary markers: The AI personalization prompt in Step 4 lacks clear delimiters (e.g., XML tags or triple quotes) around the variable placeholders like
{{trigger_event}}and{{pain_points}}to prevent the model from obeying instructions potentially hidden in that data. - Capability inventory: The skill possesses significant output capabilities, including sending automated emails via the Smartlead API, initiating LinkedIn connections, and sending WhatsApp messages.
- Sanitization: There is no evidence of data sanitization, escaping, or validation performed on the scraped content before it is passed to the Gemini Flash model for content generation.
Audit Metadata