linkedin-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to configure a remote MCP server at 'https://rube.app/mcp'. This endpoint is not part of the trusted vendors list and represents a remote dependency that the agent will rely on for tool execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). ● Ingestion points: External data is brought into the agent context via tools described in 'SKILL.md' such as 'LINKEDIN_GET_MY_INFO', 'LINKEDIN_GET_COMPANY_INFO', and 'LINKEDIN_GET_IMAGES'. ● Boundary markers: None are defined to separate untrusted LinkedIn content from system instructions. ● Capability inventory: The skill possesses write capabilities including 'LINKEDIN_CREATE_LINKED_IN_POST', 'LINKEDIN_CREATE_COMMENT_ON_POST', and 'LINKEDIN_DELETE_LINKED_IN_POST' as defined in 'SKILL.md'. ● Sanitization: No sanitization or validation of external content is mentioned before it is processed or used in post creation.
Audit Metadata