linkedin-post-generator
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts by interpolating user-provided inputs like URLs and search terms into shell commands (e.g.,
python ... search "{url}"). This pattern is vulnerable to command injection if the inputs contain shell metacharacters that are not properly escaped. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from processed external data. Ingestion points: Reads content from source material files, LinkedIn posts, meeting transcripts, Slack messages, and Google Drive documents. Boundary markers: Absent; prompt templates do not include explicit delimiters to isolate external content. Capability inventory: Subprocess execution for data fetching and file system read/write access to the
~/.config/casper/directory. Sanitization: Absent; there is no evidence of sanitization or filtering of external content before it is processed by the model. - [DATA_EXFILTRATION]: The skill manages sensitive API keys (FIREFLIES_API_KEY, SLACK_BOT_TOKEN) and accesses the user's home directory (
~/.config/casper/) to store persistent configuration and style profiles. - [EXTERNAL_DOWNLOADS]: The skill fetches data from well-known services including LinkedIn, Slack, Google Drive, and Fireflies.ai using dedicated integration scripts.
Audit Metadata