Trust Assessment
lead-hunter received a trust score of 70/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Potential Data Exfiltration and Abuse via Uncontrolled Webhook/Outreach Integrations, Potential Command Injection Vulnerability in Skill Execution Example, Overly Broad Permissions Required by Skill's Functional Scope.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Data Exfiltration and Abuse via Uncontrolled Webhook/Outreach Integrations: The skill description highlights "Webhook integrations" and "Auto-outreach triggers" as output capabilities, along with "CRM-ready exports" and "CRM integrations". Without strict controls on target endpoints, data schemas, and user authorization, these features could be exploited to exfiltrate sensitive lead data to arbitrary external services or to send unauthorized communications (e.g., spam, phishing) to prospects or internal systems. The description does not specify any security measures to prevent such misuse. Implement strict allow-lists for all external integration endpoints (webhooks, CRM APIs). Ensure all data exports and outreach triggers require explicit user confirmation or are restricted to pre-approved, secure configurations. Implement robust access control and auditing for these sensitive operations. | LLM | SKILL.md:52 |
| HIGH | Overly Broad Permissions Required by Skill's Functional Scope: The skill's described functionality is extensive, requiring access to numerous external APIs (e.g., X/Twitter, GitHub, LinkedIn, Hunter.io, Clearbit, HubSpot, Pipedrive) and the ability to perform sensitive actions like "Auto-outreach triggers" and "Webhook integrations". This broad scope implies a need for extensive permissions (network access, API keys for multiple platforms, ability to send communications, modify CRM data, filesystem write access for lead storage). If the host agent grants these permissions without fine-grained control or explicit user consent for each sensitive action, it creates an excessive permission surface, increasing the risk of unauthorized data access, manipulation, or exfiltration if the skill is compromised or misused. Implement a principle of least privilege. Ensure the host agent provides granular permission controls for each external service and sensitive action. Require explicit user authorization for critical operations (e.g., sending outreach, connecting to new CRM accounts, configuring webhooks). Isolate skill execution environments to limit the blast radius of a compromise. | LLM | SKILL.md:28 |
| MEDIUM | Potential Command Injection Vulnerability in Skill Execution Example: The "Quick Start" section provides a command-line example: `Run: lead-hunter discover --icp tech-startup`. If the AI agent's execution environment directly interprets and runs such commands, and if arguments like `--icp` can be influenced by untrusted user input, it could lead to command injection. An attacker might craft a malicious ICP name (e.g., `"; rm -rf /"`) to execute arbitrary shell commands on the host system. Ensure that any command-line arguments passed to skill execution are strictly validated and sanitized. Avoid direct concatenation of untrusted input into shell commands. Prefer using safe subprocess execution methods that separate commands and arguments, or use a sandboxed execution environment. | LLM | SKILL.md:70 |