data-enrichment
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `agentcash` package from the npm registry using `npm install -g`. Additionally, it uses `npx agentcash@latest` to dynamically fetch and execute the most recent version of the tool at runtime.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to interact with the enrichment APIs and manage an internal wallet (e.g., `npx agentcash@latest wallet info`, `npx agentcash@latest fetch`).
- [DATA_EXFILTRATION]: The skill is designed to transmit user-provided contact information, such as emails, names, and LinkedIn URLs, to external API endpoints at `stableenrich.dev`. While this is the intended functionality of the skill, it involves the transfer of PII to a third-party service.
- [PROMPT_INJECTION]: The skill processes structured data from external enrichment APIs, which presents an indirect prompt injection surface.
  - Ingestion points: Data is ingested from various endpoints under `https://stableenrich.dev/api/`, including `people-enrich` and `linkedin-scrape` (found in `SKILL.md`).
  - Boundary markers: There are no clear boundary markers or instructions to the agent to treat the fetched data as untrusted or separate from its instruction set.
  - Capability inventory: The agent can execute CLI commands and file operations via the `agentcash` tool.
  - Sanitization: No sanitization or validation logic is specified for the data returned by the external APIs before the agent interprets it.
Audit Metadata