linkedin-influencer-discovery
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from the Apify platform's official API (api.apify.com). This is a well-known service, and the data fetched is essential for discovering LinkedIn influencers as intended by the skill's design.- [CREDENTIALS_UNSAFE]: The skill requires an APIY_API_TOKEN. The script scripts/discover_influencers.py handles this token by accepting it via environment variables or command-line arguments and passing it as a query parameter in HTTP requests to Apify.- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its data ingestion model.
- Ingestion points: Influencer biographies and names are fetched from the Apify powerai/influencer-filter-api-scraper actor.
- Boundary markers: The output does not include clear boundary markers or instructions for the agent to ignore potentially malicious content within the influencer bios.
- Capability inventory: The skill uses network access to call the Apify API but does not have capabilities for file system modification or arbitrary shell command execution.
- Sanitization: The script does not perform sanitization or filtering of the content retrieved from influencer profiles before presenting it to the agent.
Audit Metadata