cold-email-outreach
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation includes a truncated example of a Supabase Service Role Key and instructs the user to provide this key in a `.env` file. This specific key type is highly sensitive as it bypasses all Row Level Security (RLS) policies, granting administrative access to the database.
- [DATA_EXFILTRATION]: The skill implements a workflow that reads personally identifiable information (PII), such as names and email addresses, from a private database and transmits it to external outreach services (Smartlead) or exports it to local CSV files.
- [COMMAND_EXECUTION]: The skill requires the execution of a local Python script (`tools/supabase/setup_database.py`) to initialize the database environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted data from the `people` table in Supabase and interpolates it into prompts for the `email-drafting` skill without sanitization or boundary markers.
  - Ingestion points: Lead data (names, titles, companies) retrieved from the Supabase `people` table.
  - Boundary markers: None identified in the Phase 3 email generation instructions.
  - Capability inventory: File writing (CSV exports to `/output/`), network operations (via `mcp__smartlead__*` tools), and database writes (Supabase logging).
  - Sanitization: No evidence of input validation or escaping before passing lead data to the generation engine.
Audit Metadata