kol-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a robust command-line interface in
scripts/kol_discovery.pyto automate a multi-phase research pipeline, including keyword generation, data aggregation, and scoring. - [EXTERNAL_DOWNLOADS]: The script communicates with the Apify API (
api.apify.com) to retrieve social media datasets. Apify is a well-known service, and the data retrieval is a core, transparent function of the skill. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes external content from social media posts.
- Ingestion points: Social media post content is fetched from the Apify
linkedin-post-searchactor viaapify_datasetinscripts/kol_discovery.py. - Boundary markers: Data is isolated within a structured processing pipeline and outputted to a CSV file.
- Capability inventory: The script has the ability to write files to the workspace and make network requests to the Apify API.
- Sanitization: Content is truncated to 100-200 characters for previews and scoring, providing a basic level of filtering against large injection payloads.
Audit Metadata