linkedin-content-generation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where untrusted user input is interpolated into API call parameters.
- Ingestion points: The 'message' field in the JSON request body sent to 'https://sense.eachlabs.run/chat' (referenced in SKILL.md).
- Boundary markers: Absent; user input is not enclosed in delimiters or accompanied by instructions to ignore embedded commands.
- Capability inventory: The skill performs network operations via curl to external API endpoints for content generation (referenced in SKILL.md).
- Sanitization: Absent; no input validation or escaping of user-provided content is performed before it is processed by the model.
- [EXTERNAL_DOWNLOADS]: All external communications are conducted with verified vendor domains 'sense.eachlabs.run' and 'storage.eachlabs.ai', which is standard for the skill's functionality.
- [CREDENTIALS_UNSAFE]: The skill adheres to security best practices by utilizing environment variable placeholders ($EACHLABS_API_KEY) instead of hardcoding sensitive authentication tokens.
Audit Metadata