linkedin-skill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run a local Python script (
linkedin_skill.py) which manages all interactions with the LinkedIn API. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it retrieves content (posts and comments) from an external service.
- Ingestion points: Untrusted data enters the context via the
list-posts,get-post, andcommentscommands withinlinkedin_skill.py. - Boundary markers: The script does not use specific delimiters or protective wrappers when outputting LinkedIn content to the agent.
- Capability inventory: The skill possesses significant capabilities including the ability to post, edit, or delete content and manage reactions.
- Sanitization: No input validation or instruction filtering is applied to the retrieved social media data.
- Mitigation: A strong safety guideline in
SKILL.mdmandates that the agent must present the full details of any intended action and wait for explicit user approval before executing the command, effectively preventing automated exploitation of the injection surface.
Audit Metadata