campaign-sending
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch provider API documentation from external websites if a pre-configured reference is not available. This retrieval of unverified content from the internet introduces risk.
- [DATA_EXFILTRATION]: The skill's primary function is to transmit sensitive data, including API keys and contact information (emails, names, company domains), to external service providers such as Instantly.ai.
- [COMMAND_EXECUTION]: The workflow involves the execution of network requests and API interactions to manage campaigns and upload leads to remote servers.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection:
- Ingestion points: Processes external CSV files containing lead data and potentially untrusted API documentation fetched from the web.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' commands when processing the external data.
- Capability inventory: The agent performs network operations (API calls) which could be influenced by malicious instructions embedded in the ingested content.
- Sanitization: No explicit sanitization or validation steps are defined for the documentation content or CSV fields before they are used to drive the workflow.
Audit Metadata