keyapi-linkedin-company-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill instructions and the execution scripts revealed no malicious patterns, obfuscation, or unauthorized access attempts. The skill behaves as described, providing a wrapper for LinkedIn data analysis tools.
- [PROMPT_INJECTION]: The skill processes external LinkedIn data (profiles, posts, and job descriptions), which serves as an ingestion point for indirect prompt injection. However, this is inherent to the skill's function and no high-risk capabilities (such as arbitrary command execution) are exposed to the data processing logic.
  - Ingestion points: LinkedIn data retrieved via the KeyAPI MCP server (scripts/run.js).
  - Boundary markers: None explicitly identified.
  - Capability inventory: Local file caching and network requests restricted to the KeyAPI server.
  - Sanitization: Standard JSON parsing of API responses is utilized.
- [CREDENTIALS_UNSAFE]: API token management adheres to safe practices, encouraging the use of environment variables and local .env files for the KEYAPI_TOKEN rather than hardcoding credentials.