list-enrichment
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill manages authentication via the 'EXTRUCT_API_TOKEN' environment variable and provides a terminal command to verify its presence without exposing the full secret value.
- [SAFE]: Communication is performed exclusively with the vendor's official API at 'https://api.extruct.ai/v1' and documentation at 'https://www.extruct.ai/docs', which are trusted resources for the author 'extruct-ai'.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection, as it interpolates external company data into prompts for research agents.
  - Ingestion points: Company domains and table data are retrieved from the user's Extruct tables via 'GET /v1/tables/{table_id}/data' as specified in 'SKILL.md'.
  - Boundary markers: The prompt templates do not currently employ specialized delimiters or instructions to ignore embedded commands for the '{input}' variable.
  - Capability inventory: The skill can create and trigger 'research_pro' agents which perform web-based research through the 'POST /v1/tables/{table_id}/columns' endpoint.
  - Sanitization: No sanitization of the input domain or company data is specified before interpolation.
- [COMMAND_EXECUTION]: The skill suggests running a local terminal command ('echo $EXTRUCT_API_TOKEN | head -c 5') to verify API credentials; this is a standard safety check for the user to ensure environment variables are correctly set and does not represent a privilege escalation risk.
- [SAFE]: The skill includes instructions for comparing local API references against live documentation and updating local files, which is standard procedure for maintaining tool compatibility.