writing-linkedin-posts
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted external data and uses it to influence agent output.
- Ingestion points:
scripts/scrape_my_posts.pyretrieves post content from the Apify API. - Boundary markers: Absent. The
format_posts_for_analysisfunction uses weak--- POST N ---delimiters which are easily bypassed by embedded instructions. - Capability inventory: The agent uses ingested data to write new LinkedIn posts, which could be manipulated to include malicious content or exfiltration links.
- Sanitization: Absent. No sanitization or escaping of the scraped content is performed before it is provided to the LLM.
- [External Downloads] (LOW): The script
scripts/scrape_my_posts.pymakes network requests toapi.apify.comusingurllib.request. While required for functionality, this domain is not on the Trusted External Sources list. - [Credentials Unsafe] (LOW): The skill requires an
APIFY_TOKENto be stored in the user's shell environment. While this is standard practice for CLI tools, it increases the risk of credential exposure if the environment is compromised.
Audit Metadata