prospecting-research
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through its data gathering process. * Ingestion points: Step 1 and Step 2 explicitly direct the agent to collect firmographic and contact data from external websites, LinkedIn, news reports, and job postings. * Boundary markers: The instructions do not include delimiters or specific instructions to the agent to ignore potentially malicious prompts embedded within the researched content. * Capability inventory: The skill utilizes an external MCP server (@clawfu/mcp-skills) which likely provides the necessary tool-use capabilities for web interaction. * Sanitization: There are no sanitization or validation steps defined to filter the content retrieved from external sources before it is interpreted by the agent.
Audit Metadata