leads-researcher
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it ingest data from external, untrusted sources.
- Ingestion points: Retrieves data from company websites, job postings, and news articles to identify buying signals (
references/full-guide.md). - Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the workflows for processing external data.
- Capability inventory: Performs network operations via
fetchto gather research data. - Sanitization: No explicit sanitization or filtering logic is provided for the content retrieved from external sites.
- [EXTERNAL_DOWNLOADS]: The skill interacts with external B2B data services to enrich lead information.
- Details: Communicates with Clearbit and Hunter.io APIs to retrieve company and contact data (
references/full-guide.md). These interactions are standard for the skill's intended purpose.
Audit Metadata