apollo-reference-architecture

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill processes external data from the Apollo API in 'SKILL.md' (e.g., in 'enrichLead' and 'searchAndEnrich' methods) without boundary markers or explicit sanitization to prevent embedded instructions from influencing the agent.
  • [COMMAND_EXECUTION]: The skill requests broad permissions for 'Bash(gh:)' and 'Bash(curl:)' in its frontmatter. While no malicious usage is present in the documentation, these tools provide significant system and network access capabilities.
  • [DATA_EXFILTRATION]: The architecture handles sensitive Personally Identifiable Information (PII) such as contact emails and LinkedIn profiles. Combined with the availability of network tools like 'curl', this establishes a potential path for data exfiltration that should be monitored.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 12:11 AM