hiring-signal-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a 'composite' workflow consisting solely of markdown instructions and metadata. It does not include executable scripts, binaries, or hidden commands.
- [COMMAND_EXECUTION]: The skill documentation references capabilities like web-search and contact-finding, which are standard tools for sales automation. There are no instructions for arbitrary or high-risk shell command execution.
- [DATA_EXFILTRATION]: While the skill involves collecting company and contact data, this is within the legitimate scope of its stated purpose (hiring signal outreach). Data is intended to be handed off to established outreach platforms (e.g., Smartlead, Lemlist) or stored in local configuration files for project management.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a process that ingests untrusted data from the web (job descriptions from LinkedIn, Indeed, etc.).
- Ingestion points: Job description text retrieved via web-search and job-search tools (Step 1).
- Boundary markers: The skill does not explicitly define delimiters to separate job description content from instructions during the email drafting phase (Step 4).
- Capability inventory: The skill has access to email-drafting and web-search capabilities.
- Sanitization: There are no instructions for sanitizing or filtering instructions that might be embedded in job postings by malicious actors. While this represents a vulnerability surface, it is inherent to the skill's primary function and not a malicious implementation.
Audit Metadata