enrich-people-with-email-and-phone

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Shell Argument Injection: The skill's workflow instructs the agent to pass raw user input (such as email addresses and verification codes) as positional arguments to the signup.sh and api.sh scripts. This creates a vulnerability where a malicious user could provide input containing shell metacharacters (e.g., subshells or backticks) that would be executed by the host shell during the command invocation.
  • [PROMPT_INJECTION]: Indirect Injection Surface: The skill ingests data from the external OpenFunnel API and presents it to the agent/user.
    • Ingestion points: Data returned from /api/v1/enrich/people and filtered people lists.
    • Boundary markers: Absent in the presentation logic.
    • Capability inventory: The skill has the ability to execute shell scripts and write to the filesystem (.env).
    • Sanitization: No sanitization or escaping of the ingested API data is performed before it is processed or displayed.
  • [SAFE]: Credential Management: The skill follows security best practices by using a local .env file to store API keys and utilizing wrapper scripts (api.sh, signup.sh) for authenticated requests. This ensures that sensitive credentials are kept out of the agent's conversational context and output logs.
  • [SAFE]: Trusted Domain Communication: All network activity is restricted to the author's official domain (api.openfunnel.dev), and the skill includes automated steps to ensure the environment file is added to .gitignore to prevent accidental exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 06:13 PM