LinkedIn Automation
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious behavior, suspicious scripts, or unauthorized network operations were detected. The skill follows its documented purpose of automating LinkedIn content, outreach, and analytics without hidden functionality.
- [PROMPT_INJECTION]: An Indirect Prompt Injection surface was identified as the skill processes untrusted external data from LinkedIn profiles and messages.
  1. Ingestion points: External content processed by the linkedin_message and linkedin_leads tools.
  2. Boundary markers: The outreach and engagement templates do not include explicit delimiters or instructions to ignore commands within user-provided variables like first_name or answer.
  3. Capability inventory: The skill can perform actions such as posting content, sending direct messages, and syncing data to a CRM.
  4. Sanitization: There is no documented validation or sanitization of external LinkedIn data before it is interpolated into templates.
Audit Metadata