linkedin-commenter-extractor

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: Interacts with the well-known Apify API (api.apify.com) to retrieve comment data. This is standard functionality for the skill's purpose.
  • [SAFE]: Accesses the Apify API token from environment variables or CLI arguments, avoiding hardcoded secrets.
  • [PROMPT_INJECTION]: Processes untrusted LinkedIn comment text, creating an indirect prompt injection surface. (1) Ingestion points: extract_comments_from_post in scripts/extract_commenters.py fetches data from Apify datasets. (2) Boundary markers: No delimiters are used to isolate untrusted comment data in the stdout results. (3) Capability inventory: The skill utilizes network access via the requests library to communicate with the Apify API. (4) Sanitization: Comment content is truncated to 500 characters before being returned to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 06:02 PM