apollo-outreach
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The skill instructs the agent to access and read `~/.claude/.env.global` to retrieve an API key. According to the security guidelines, accessing sensitive file paths like .env files is a high-severity concern; however, the severity is downgraded to medium here as the access is required for the skill's primary purpose of authenticating with the Apollo.io API. Data transmission is limited to the legitimate api.apollo.io domain.
- [COMMAND_EXECUTION] (SAFE): The skill provides standard `curl` command templates for interacting with the official Apollo.io API. These commands are used as intended for data retrieval and enrichment without suspicious execution patterns.
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection by ingesting untrusted data from the Apollo.io API. Evidence from SKILL.md:
  1. Ingestion points: API responses for people search and company enrichment.
  2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the API response.
  3. Capability inventory: The skill uses `curl` to perform further network requests.
  4. Sanitization: Absent; the agent is not instructed to sanitize or validate the external data before processing.
- [NO_CODE] (SAFE): This skill contains only markdown instructions and command examples, with no accompanying executable scripts or binaries.
Audit Metadata