lead-scorer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection risk via website scraping. The skill ingests text from external, untrusted homepages and sitemaps. An attacker could embed hidden instructions to manipulate the agent's scoring logic or subsequent outreach tasks. * Ingestion points: Homepage text, meta tags, and sitemap content (scripts/score_lead.py). * Boundary markers: Absent; no specific delimiters or instruction-ignore warnings are mentioned in the documentation. * Capability inventory: Network access for scraping/DNS, CSV processing, and reporting results to the agent. * Sanitization: Unverifiable due to the missing implementation script.\n- COMMAND_EXECUTION (LOW): The skill is documented to run a Python script (
scripts/score_lead.py) to process leads and generate scores.\n- EXTERNAL_DOWNLOADS (SAFE): The skill depends ondnspython, a reputable library for DNS queries. This is considered a safe and standard dependency for the tool's intended purpose.\n- NO_CODE (LOW): The filescripts/score_lead.pyis referenced as the core logic but is missing from the skill package. This limits the ability to verify that network requests and data processing are handled securely.
Audit Metadata