ABM Outbound

SUSPICIOUS: The skill is largely aligned with its stated ABM purpose and uses mostly official service APIs, but it processes high-sensitivity prospect PII and relies on community Apify actors for scraping and skip-tracing. The main risk is broad personal-data sharing and real-world outreach automation, not confirmed malware or hidden credential theft.

No direct evidence of malware or deliberate obfuscation in the provided examples. The primary security concern is privacy and abuse: the examples show how to request and receive highly sensitive PII (including home addresses and personal contact details) and do not demonstrate safeguards for consent, legal basis, secure key handling, or safe storage. Integrators should treat these APIs as high-risk operations: ensure lawful basis and consent, avoid requesting HOME addresses unless necessary, keep API keys out of shell history and logs (use secure secret stores), encrypt PII at rest, enforce access controls and retention limits, and strengthen validation logic beyond a simple state comparison.