contacts

The described approach is coherent for an internal, vault-backed contact management and enrichment workflow. It is not inherently malicious and is appropriate for tightly controlled environments, but to reduce privacy and data governance risk, implement explicit consent mechanisms, robust access controls, secret management, and auditing for enrichment endpoints and data stores. Consider adding formal data governance ADRs, minimal data collection by default, and encryption/configuration details for the local vault and downstream indexing systems.