social-graph-ranker

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions specify the use of 'browser-use scraping' and the X API to harvest social graph data. These operations involve high-capability tools for automated web interaction and data retrieval.
  • [EXTERNAL_DOWNLOADS]: The skill documentation indicates a dependency on the 'lead-intelligence' skill and the 'outreach-drafter' agent to generate lead lists and outreach content.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests profile data and connection lists from external social platforms.
      • Ingestion points: Connection data from LinkedIn CSV files (~/Downloads/Connections.csv) and user metadata from X API followers/following calls.
      • Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted social graph data from the agent's execution context.
      • Capability inventory: Automated browser scraping, X API interactions, and draft generation using integrated agents.
      • Sanitization: The skill does not outline any procedures for sanitizing or validating strings retrieved from external social profiles.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 10:00 AM