inbound-lead-enrichment

SUSPICIOUS: the core enrichment and CRM lookup functions match the stated purpose, and there is no explicit malicious payload or installer chain. The main risks are third-party Apify actor use for LinkedIn scraping, possible credential/session forwarding, broad external-content ingestion with write capabilities, and autonomous CRM/Supabase updates without clear user confirmation.