outbound-prospecting-engine
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from external sources to influence agent output.
- Ingestion points: The workflow ingests external data from LinkedIn posts, comments, and job postings via skills like
linkedin-post-researchandjob-posting-intentin Steps 1 and 2. - Boundary markers: The playbook does not define explicit delimiters or instructions to ignore embedded commands within the ingested signal data.
- Capability inventory: The skill utilizes
setup-outreach-campaignwhich performs network operations to external services (Smartlead) andagentmailfor sending emails. - Sanitization: No sanitization or filtering logic is specified in the playbook to process external content before it is used to generate personalized email sequences in Step 6.
- [DATA_EXFILTRATION]: The skill facilitates the collection and export of contact information (emails, LinkedIn URLs) to external platforms.
- The workflow explicitly finds decision-maker contacts (Step 4) and uploads this lead list to the Smartlead campaign management service (Step 7). This is the primary intended function of the skill, but users should be aware that sensitive lead data is being sent to a third-party service.
Audit Metadata