linkedin-post
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script located at 'shared/rhetoric_selector.py' using the shell. While the path is local, this grants the agent the ability to run external code.
- [INDIRECT_PROMPT_INJECTION]: 1. Ingestion points: User-provided topics and descriptions for LinkedIn posts are processed by the agent as seen in SKILL.md. 2. Boundary markers: No delimiters or explicit instructions to ignore malicious commands within user input are provided. 3. Capability inventory: The skill can execute shell commands (python script) and read files via relative paths (../../config/). 4. Sanitization: No input validation or sanitization of user data is performed before it is used to generate content.
Audit Metadata