Security audit

Lead Enrichment Skill

Security checks across malware telemetry and agentic risk

Overview

This lead-enrichment skill appears to do what it claims, but users should understand that their queries are sent to Prismfy and the setup docs handle the API key casually.

Install only if you are comfortable sending lead names, company details, targeting criteria, or similar prospecting data to Prismfy. Store the API key in a safer secrets mechanism when possible, avoid committing shell startup files with credentials, and rotate the key if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README instructs users to place a live API key directly into an environment variable and persist it in shell startup files without any warning about credential sensitivity, shell history exposure, or safer secret-handling methods. This can lead to accidental credential disclosure through shared dotfiles, screen sharing, backups, logs, or multi-user systems, even though the key is not immediately exfiltrated by the skill itself.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions tell users to append a live API key export directly into `~/.bashrc`, which stores the credential in plaintext in a long-lived startup file. This increases exposure through local file disclosure, backups, dotfile syncing, screenshots, shell history mistakes, or accidental sharing, and the skill does not warn about those risks or suggest safer secret storage.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script sends user-supplied lead-enrichment queries and receives corresponding results from an external third-party API, but the tool's help text and normal output do not clearly disclose that lead data is being transmitted off-host. In a lead-enrichment context, company names, person names, roles, ICP criteria, and related search intent can be commercially sensitive or privacy-relevant, so silent transmission creates a real data-handling risk even if it is the core product behavior.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The script requires an API key from the environment but does not mention this secret requirement in the help text or comments, which can lead users to set credentials without understanding where they will be used. While reading secrets from environment variables is standard practice, the lack of disclosure reduces transparency around authentication to a third-party service.

External Transmission

Medium
Category
Data Exfiltration
Content
while (( attempt < max_attempts )); do
    attempt=$((attempt + 1))
    err="$(mktemp)"
    if response="$(curl -m 20 -fsS "$API_URL" \
      -H "Authorization: Bearer $PRISMFY_API_KEY" \
      -H "Content-Type: application/json" \
      -d "$payload" 2>"$err")"; then
Confidence
96% confidence
Finding
curl -m 20 -fsS "$API_URL" \ -H "Authorization: Bearer $PRISMFY_API_KEY" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.