leadgenius-api
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded AppSync API keys and sensitive identifiers are present in several utility and demo scripts.
  - Evidence: Hardcoded 'x-api-key: da2-5u4a7hbhvbb2fdsj2ys2h2pljy' found in scripts/create_edu_demo.py, scripts/create_fin_demo.py, and scripts/fix_leads.py.
- [DATA_EXFILTRATION]: The skill stores and manages authentication tokens (JWT and API keys) in a local plaintext JSON file, exposing session credentials.
  - Evidence: References to '~/.leadgenius_auth.json' for storage of tokens and email addresses in scripts/auth.py, scripts/api_call.py, scripts/lgp.py, and scripts/test_api.py.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting lead data from external APIs and passing it to AI processing and chat endpoints without apparent sanitization.
  - Ingestion points: Lead data fetched from the /api/leads and /api/enrich-leads endpoints.
  - Boundary markers: No delimiters or explicit instructions to ignore embedded content were found in the API request templates.
  - Capability inventory: Substantial capabilities including creating, updating, and deleting leads and clients, as well as triggering AI enrichment and SDR tasks.
  - Sanitization: No sanitization or validation of lead field content before processing via /api/epsimo-chat or processing routes.
Recommendations
- AI detected serious security threats