Trust Assessment
ABM Outbound received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. The key findings are extensive PII processing and distribution to third-party services, and a risk of JSON injection in API request bodies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Extensive PII processing and distribution to third-party services: The skill's core functionality involves collecting and distributing personally identifiable information (PII) such as LinkedIn URLs, names, emails, phone numbers, and physical addresses to multiple external third-party API services (Apify, Apollo, Instantly, Scribeless). While this is the intended design, it significantly increases the attack surface for data breaches and raises substantial privacy concerns. Each service has its own data handling policies, and the aggregation of this data across platforms could lead to compliance issues (e.g., GDPR, CCPA) and a higher risk of unauthorized access or misuse of sensitive user data. 1. Transparency: Clearly inform users about which specific PII data points are sent to each third-party service and for what purpose. 2. Data Minimization: Review if all PII sent to each service is strictly necessary for its function. 3. Privacy Policy: Link to the privacy policies of all integrated third-party services. 4. User Consent: Implement explicit user consent mechanisms for PII processing and sharing with third parties. 5. Data Security: Ensure robust data encryption (in transit and at rest) and secure API key management. 6. Compliance Review: Conduct a legal and compliance review (e.g., GDPR, CCPA) for the handling of PII across multiple jurisdictions and third parties. | LLM | SKILL.md:49 |
| MEDIUM | Risk of JSON injection in API request bodies: The skill demonstrates interactions with various APIs using `curl` commands, where request bodies are constructed as JSON. If an AI agent or an underlying implementation were to dynamically generate these JSON payloads by directly embedding unsanitized user input (e.g., for fields like `first_name`, `last_name`, `company_name`, `personalization`, `address` components, or `profileUrls`), it could lead to JSON injection. An attacker could craft input that alters the JSON structure, potentially leading to unexpected API behavior, data corruption, or unauthorized actions if the target API is not robustly validating input. 1. Input Validation and Sanitization: All user-provided input intended for JSON payloads must be strictly validated and properly escaped to prevent alteration of the JSON structure. 2. JSON Serialization Libraries: Use robust JSON serialization libraries in the implementation language that handle escaping automatically, rather than string concatenation for building JSON. 3. API Input Schema Validation: Ensure that the API endpoints themselves perform strict schema validation on incoming JSON payloads to reject malformed or unexpected structures. | LLM | SKILL.md:60 |