prospect-enrich
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill performs legitimate contact enrichment operations using recognized integration tools (MCP) and follows clear business logic.
- [DATA_EXFILTRATION]: The skill moves data between HubSpot and third-party enrichment providers (Apollo and Clay). This behavior is consistent with the skill's primary purpose of lead enrichment and uses official API tools.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from HubSpot contact records (e.g., job titles and conversion notes). While this presents a theoretical surface for indirect injection, the risk is mitigated by the structured nature of the classification logic and tool usage. Ingestion point: HubSpot contact properties (SKILL.md). Capabilities: HubSpot write access and external API calls (SKILL.md). No explicit sanitization or boundary markers were identified.
Audit Metadata