linkedin-scraper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. The skill extracts content from external LinkedIn profiles (Name, About, Headline, Experience) that could contain malicious instructions. (1) Ingestion points: Data extraction fields defined in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Browser control and DuckDB write access. (4) Sanitization: No explicit instructions provided to sanitize or escape profile content before processing.
- COMMAND_EXECUTION (LOW): Risk of SQL injection into the local DuckDB workspace. The skill provides instructions for the agent to insert scraped data into database tables. If the agent uses string concatenation instead of parameterized queries for the untrusted scraped strings, it could lead to manipulation of the local database. Evidence: SQL integration section in SKILL.md.
- DATA_EXFILTRATION (SAFE): The skill includes explicit instructions to store data locally and never exfiltrate it.
Audit Metadata