cold-email-verifier

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis

{
  "verdict": "LOW",
  "summary": "The skill automates email verification using external APIs and a local CLI tool. It presents a potential surface for indirect prompt injection through user-provided CSV data and contains minor control character obfuscation in its documentation code blocks.",
  "categories": [ "COMMAND_EXECUTION", "PROMPT_INJECTION" ],
  "detailed_analysis": "- [COMMAND_EXECUTION]: The script scripts/email_verifier.py uses subprocess.run() to execute a local CLI tool named check_if_email_exists. While the execution uses an argument list rather than a shell string (reducing injection risk), it still invokes a local binary with parameters derived from external CSV data.\n- [PROMPT_INJECTION]: The skill processes untrusted data from a CSV file that could potentially contain malicious instructions or specially crafted fields to influence agent behavior.\n  - Ingestion points: The script reads input from a user-supplied CSV file using pd.read_csv() in the main() function of scripts/email_verifier.py.\n  - Boundary markers: The skill lacks explicit delimiters or system instructions to the agent to treat CSV content as data only and ignore any embedded instructions.\n  - Capability inventory: The skill possesses network access (requests) and local command execution capabilities (subprocess.run), which could be abused if an injection succeeds.\n  - Sanitization: Although there is basic regex cleaning of first and last names for email generation, there is no validation of the overall input structure against prompt injection attacks.\n- [OBFUSCATION]: The documentation files (README.md and SKILL.md) contain the control character \\x08 (Backspace) before the word 'ash' in markdown code blocks (e.g., ash). This appears to be a minor attempt to obfuscate the string 'bash', though it does not affect execution logic.",
  "python_packages": [ "requests", "pandas" ],
  "node_packages": [],
  "remote_code_patterns": [],
  "obfuscated_urls": []
}

Audit Metadata

Risk Level: SAFE
Analyzed: Apr 20, 2026, 07:34 PM