apollo
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE] (SAFE): The skill follows standard patterns for B2B lead enrichment. It uses the
reflyCLI to execute remote workflows on a known platform (Refly.ai). There are no signs of credential theft, unauthorized data access, or malicious intent. - [NO_CODE] (SAFE): The skill does not include any Python, Node.js, or shell scripts. It purely consists of markdown documentation and example CLI commands for the
reflytool. This significantly reduces the attack surface for local execution vulnerabilities. - [INDIRECT_PROMPT_INJECTION] (LOW): As with any skill that retrieves data from external sources (Apollo.io), there is a theoretical risk of indirect prompt injection if the lead data contains malicious instructions meant to influence the AI's subsequent behavior.
- Ingestion points: Untrusted search results are retrieved via
refly workflow toolcallsinSKILL.md. - Boundary markers: Absent; the skill does not explicitly instruct the agent to ignore instructions embedded in the search results.
- Capability inventory: The skill is limited to reading data and displaying it to the user; it does not have write access or privileged command execution capabilities.
- Sanitization: Relies on the host LLM's native safety filters to handle potentially adversarial content in retrieved text.
Audit Metadata