linkedin-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION
DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection via processed lead signal data. The skill ingests untrusted data, such as the text of LinkedIn comments (`{comment_snippet}`), from a Supabase database to personalize outreach messages. There are no instructions or patterns provided for using boundary markers, delimiters, or sanitization to prevent malicious instructions embedded in these comments from influencing the agent's output.
- [DATA_EXFILTRATION]: Access and export of sensitive lead information and database credentials. The skill requires a Supabase service role key and URL to interact with lead data stored in the `people` and `outreach_log` tables. It reads personal identifying information (PII) including names, titles, and LinkedIn URLs, and exports this data to local CSV files in the `skills/linkedin-outreach/output/` directory for manual import into external tools.
Audit Metadata