apollo-debug-bundle
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: Partial credential exposure through prefix logging. The script 'scripts/apollo-debug-bundle.ts' in 'references/implementation-guide.md' extracts and stores the first 8 characters of the 'APOLLO_API_KEY' environment variable in a diagnostic bundle. Provided shell commands in the implementation guide explicitly output the API key length and prefix to the terminal.
- [DATA_EXFILTRATION]: Insecure credential handling in network requests. The debug script and shell examples transmit the 'APOLLO_API_KEY' in the URL query string ('?api_key=...'). This practice can leak sensitive credentials to server logs, proxy logs, and local command history.
- [PROMPT_INJECTION]: Potential for indirect prompt injection from API responses. The skill processes data from the external Apollo.io API and writes it to a local file ('apollo-debug-.json'). If the API returns malicious content, it could influence the agent when the debug bundle is later read or processed. Findings: 1) Ingestion points: Apollo.io API responses ('api.apollo.io'). 2) Boundary markers: Not implemented in the script output or file writing logic. 3) Capability inventory: The skill uses 'Bash(curl:)', 'Read', and 'Grep' tools, and the implementation guide provides code for file writing ('writeFileSync') and shell execution. 4) Sanitization: The 'sanitizeResponse' function provides basic masking for contact data but does not perform security-focused sanitization of text content.
- [COMMAND_EXECUTION]: Execution of diagnostic shell commands. The implementation guide provides several 'curl' and 'bash' commands to test connectivity and authentication, which involve sensitive environment variables.
- [EXTERNAL_DOWNLOADS]: Dependency on external libraries. The provided TypeScript implementation requires the 'axios' package for network requests.
Audit Metadata