prospect-research
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill is highly susceptible to indirect injection because it retrieves and processes content from external, attacker-controllable sources such as LinkedIn and public news articles via tools like Apify and Exa.
  - Ingestion points: External web content, social media profiles, and news articles ingested via 'Apify' and 'Exa' tools.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to ignore potential commands embedded in the scraped text.
  - Capability inventory: The output is used to generate 'Conversation Starters' and 'Cold Call Scripts', meaning a successful injection could lead to the agent generating harmful or deceptive outreach content.
  - Sanitization: No sanitization, filtering, or validation of the ingested content is performed.
- [Data Exposure & Exfiltration] (LOW): The skill's core function is to collect PII (names, emails, roles) and transmit it to third-party APIs like Hunter.io. Users must ensure compliance with data privacy regulations (e.g., GDPR) when using these automated collection tools.
- [External Downloads] (LOW): The skill references external MCP tools (Exa, Apify, Hunter.io, Perplexity). While the usage patterns are for data retrieval, the security of the operation depends on the integrity of these third-party services and the correctness of the API configurations.