crustdata-supabase

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates a high level of security awareness, including explicit safety policies for the agent to avoid automated database writes without user review. No obfuscation, persistence, or privilege escalation patterns were detected.
  • [COMMAND_EXECUTION]: The skill uses Python scripts (prospect_search.py, setup_database.py) to manage its lead-generation pipeline and database setup. These are transparently implemented and necessary for the tool's documented function.
  • [EXTERNAL_DOWNLOADS]: Network calls are made to the CrustData API and Supabase for lead fetching and data storage. These connections are legitimate for the skill's primary use case and target well-known services.
  • [PROMPT_INJECTION]: The skill processes third-party lead data (e.g., LinkedIn headlines), which represents a surface for indirect prompt injection. This risk is effectively mitigated by specific instructions that require the agent to present samples and obtain user approval before any permanent data operations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:17 PM