abm-outbound

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs how to harvest sensitive personal data (work/personal emails, phone numbers, and HOME addresses via skip-trace) from LinkedIn and third‑party services and then coordinate multi‑channel outreach (email, LinkedIn touches, and mailed handwritten letters) designed to target individuals — a workflow with clear intent and high potential for doxxing, stalking, harassment, or targeted phishing and therefore high-risk abuse potential.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly scrapes public LinkedIn profiles via Apify and ingests third‑party enrichment and skip‑trace results (Apollo, Apify skip-trace) as part of its pipeline (SKILL.md steps 2–4), and that untrusted user-generated/public content is used to decide who is "mailable" and to drive outreach actions, enabling indirect prompt‑injection risk.