Skills
skills/extruct-ai/gtm-skills/post-engagers/Socket

post-engagers

Warn

Audited by Socket on Mar 22, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s footprint broadly matches its stated lead-generation purpose, but it relies on multiple third-party scraping providers, forwards credentials to them, delegates execution to another skill, and processes external docs dynamically. There is no clear malware payload or hidden exfiltration beyond the stated prospecting workflow, but the credential-forwarding and transitive-trust model make it a medium-high security risk.

Confidence: 85%Severity: 72%
Audit Metadata
Analyzed At
Mar 22, 2026, 02:43 PM
Package URL
pkg:socket/skills-sh/extruct-ai%2Fgtm-skills%2Fpost-engagers%2F@80e350bcd9d3aeda0331bff70e5e6d33dfe72650