skills/jeremylongshore/claude-code-plugins-plus-skills/apollo-migration-deep-dive/Gen Agent Trust Hub
apollo-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection through its handling of external CRM data from sources like Salesforce and HubSpot.
- Ingestion points: Records are fetched from external systems using
fetchSourceRecordsandfetchAllSourceRecordsas documented inreferences/implementation-guide.md. - Boundary markers: The provided implementation logic does not explicitly use delimiters or instructions to ignore potential commands embedded within the processed CRM records.
- Capability inventory: The skill's execution environment includes
Writeaccess andBash(curl:*)for network operations, which could be leveraged if malicious data is processed. - Sanitization: The implementation guide includes
transformandvalidationfunctions (e.g.,isValidEmail,normalizeTitle,normalizePhone) to verify and clean data fields before they are migrated to the target system. - [SAFE]: External URLs used for resources point exclusively to official documentation for established services including Apollo.io, Salesforce, and HubSpot.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation patterns were detected in the provided scripts or configuration.
Audit Metadata