afrexai-lead-hunter
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it requires the agent to ingest and act upon untrusted data from the web.
- Ingestion points: Data is retrieved from LinkedIn profiles, GitHub, job boards, and company homepages (SKILL.md Phase 2 and 3).
- Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore potentially malicious instructions within the scraped content.
- Capability inventory: The agent is authorized to perform web searches, visit external URLs, and generate outbound emails based on the findings.
- Sanitization: Absent. There is no requirement for the agent to sanitize or validate extracted text before using it in personalized outreach templates.
- [NO_CODE]: Analysis confirms the skill package contains no executable Python, JavaScript, or binary files.
- [SAFE]: External URLs (afrexai-cto.github.io) point to the vendor's own documentation and supplementary resources.
Audit Metadata