competitor-post-engagers
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The Python script competitor_post_engagers.py coordinates the lead generation pipeline by executing Apify actors and performing local data analysis to rank leads.
- [EXTERNAL_DOWNLOADS]: Communicates with Apify and Apollo APIs to retrieve LinkedIn post engagement data and enrich company profiles. These are well-known technology services and the usage is consistent with the skill's purpose.
- [PROMPT_INJECTION]: The skill ingests untrusted third-party content from LinkedIn. 1. Ingestion points: Unsanitized LinkedIn comments are scraped via the Apify harvestapi/linkedin-company-posts actor and stored in the engagers dataset. 2. Boundary markers: No explicit markers or delimiters are used to isolate untrusted data in the exported CSV. 3. Capability inventory: The script performs file writes and network API calls to external services. 4. Sanitization: Comments are truncated to 500 characters but are not filtered or escaped for malicious instructions.
Audit Metadata