leadership-change-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external sources (Apollo API and LinkedIn profile/post data) and incorporates it into email drafting prompts. An attacker could potentially influence the agent's behavior by placing malicious instructions in a LinkedIn profile or post that the skill retrieves.
- Ingestion points: Data results from Apollo API queries and LinkedIn profile/post scraping (referenced in Step 3).
- Boundary markers: The instructions do not define clear delimiters or 'ignore embedded instructions' warnings for the external data being processed.
- Capability inventory: Uses the `apollo-lead-finder` capability for API access and `email-drafting` for LLM text generation.
- Sanitization: There is no evidence of sanitization, escaping, or validation of the external content before it is interpolated into the outreach prompts.
- [COMMAND_EXECUTION]: The skill provides explicit Python code snippets (e.g., for GTM leader filtering and Apollo API calls) that the agent is instructed to execute locally. While the logic is consistent with the skill's stated purpose, the execution of local code provided in instructions represents a managed risk.
Audit Metadata