cold-email
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from LinkedIn profiles and posts (via `mcp__crustdata__enrich_person_by_linkedin` and `mcp__crustdata__get_person_linkedin_posts` in `SKILL.md`).
- Ingestion points: External data enters the context through LinkedIn enrichment tools and web searches.
- Boundary markers: Absent; external data is interpolated into email hooks without delimiters.
- Capability inventory: The skill is limited to text generation and lacks capabilities for shell execution, file writing, or unauthorized network operations.
- Sanitization: No explicit sanitization or filtering of the external data is performed before interpolation.
- [EXTERNAL_DOWNLOADS]: The skill references blog posts and case studies from the vendor's official domain (`inkeep.com`). These are used as resources for generating follow-up email content and are documented as legitimate vendor resources.
- [DATA_EXFILTRATION]: The skill accesses prospect-related data such as names, titles, and career history to facilitate deep personalization of outreach emails. This behavior is consistent with the skill's primary function and stated purpose.
Audit Metadata