Skills
skills/athina-ai/goose-skills/signal-scanner/Gen Agent Trust Hub

signal-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The LinkedIn content analysis feature in scripts/signal_scanner.py is vulnerable to indirect prompt injection.
  • Ingestion points: The skill ingests untrusted text from LinkedIn posts via the Apify linkedin-profile-posts actor.
  • Boundary markers: The LLM prompt template in _llm_score_post directly interpolates post content without using delimiters (e.g., XML tags) or providing specific instructions to the LLM to ignore embedded commands.
  • Capability inventory: The LLM's output directly controls logic that writes to the signals database table and updates the lead_status of records in the people table.
  • Sanitization: No input validation, filtering, or escaping is performed on the external text before it is processed by the AI model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 06:02 PM