linkedin-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface by interpolating untrusted data into its message generation logic.
  - Ingestion points: The skill retrieves external data from the Supabase `people` table, specifically utilizing the `{comment_snippet}` variable which contains raw text from LinkedIn comments.
  - Boundary markers: There are no boundary markers or specific instructions (e.g., XML tags or 'ignore' directives) surrounding the interpolated variables to differentiate data from instructions.
  - Capability inventory: Across its scripts, the skill has the capability to write to the local filesystem (`skills/linkedin-outreach/output/`), write to Google Sheets via the `google-sheets-write` tool, and perform authenticated network operations (PATCH/POST) to Supabase.
  - Sanitization: The skill does not perform any sanitization, escaping, or validation of the retrieved signal data before it is presented to the LLM for message construction.
Audit Metadata