linkedin-outreach
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | NO_CODE
Full Analysis
- [NO_CODE]: The provided file consists entirely of Markdown documentation, templates, and workflow descriptions. No executable scripts (Python, JavaScript, or standalone Bash scripts) are included within the skill package.
- [EXTERNAL_DOWNLOADS]: The skill references external automation components from well-known services, including Apify actors (e.g., apify/linkedin-profile-scraper) and integration platforms like n8n and Attio CRM. These references are consistent with the skill's stated purpose of building a prospecting pipeline.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface.
  - Ingestion points: External data enters the agent context through Apify scrapers targeting LinkedIn profiles and Google search results.
  - Boundary markers: The connection request and DM templates lack delimiters or explicit instructions to ignore embedded commands within the scraped data (e.g., {{firstName}}, {{trigger}}).
  - Capability inventory: The workflow includes capabilities to generate personalized messages and sync data to the Attio CRM, which could be influenced by malicious content in a target's profile.
  - Sanitization: There is no evidence of input validation or sanitization to prevent an attacker from embedding instructions within their LinkedIn profile (e.g., in a bio or job description) that could manipulate the AI's message generation logic.
Audit Metadata