Skills
skills/himself65/finance-skills/linkedin-reader/Gen Agent Trust Hub

linkedin-reader

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses dynamic context injection (!command) within SKILL.md to execute shell commands (command -v, opencli doctor) to verify the environment when the skill is loaded.
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install a third-party Node.js package (@jackwener/opencli) which is hosted on a public registry and authored by an individual contributor outside the trusted vendor list.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and processes LinkedIn posts and job descriptions which could contain instructions designed to manipulate the agent's behavior.
  • Ingestion points: Untrusted content enters the context via opencli linkedin timeline and opencli linkedin search outputs as described in SKILL.md.
  • Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the agent from obeying instructions embedded in the external data.
  • Capability inventory: The agent has the capability to execute shell commands through the opencli tool.
  • Sanitization: No sanitization or validation of the retrieved LinkedIn content is implemented before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 27, 2026, 01:31 PM