prospect-research-to-cadence
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches data from untrusted external sources, including company firmographics and web search results, and interpolates this content into personalized email templates and sequence parameters.
- Ingestion points: Data enters the context via
apollo_organizations_enrich,apollo_mixed_people_api_search, and generic web search tools as defined in the workflow of SKILL.md. - Boundary markers: Absent; the prompt instructions do not specify delimiters or instructions to ignore embedded commands within the enriched data points.
- Capability inventory: The skill possesses the ability to create contacts, enroll users in automated email sequences, and create Gmail drafts via its configured MCP tools.
- Sanitization: No explicit sanitization or validation of the fetched external data is performed before it is used for drafting or sequence loading.
- Mitigation: The skill incorporates a mandatory human-review checkpoint (
Stage 3: Approve) using theAskUserQuestiontool, which prevents automated execution of potentially malicious instructions embedded in the processed data.
Audit Metadata