Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs users to manually extract the LinkedIn session cookie (li_at). While it advises secure storage, this practice encourages the handling of raw session credentials within the agent context, increasing the risk of account takeover if session data is leaked or logged during interaction.
- [DATA_EXFILTRATION]: Accessing a logged-in LinkedIn session via browser automation exposes the user's entire private network and message history to the agent. This broad access represents a significant data exposure risk if the agent is compromised or misused.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection.
  - Ingestion points: External data from LinkedIn profiles and messages is ingested into the agent context via browser action=snapshot (SKILL.md).
  - Boundary markers: The skill lacks explicit instructions or boundary markers to differentiate between user instructions and untrusted content from the web pages.
  - Capability inventory: The skill utilizes the browser tool with actions like navigate and act (click/type), allowing it to perform stateful operations on the website (SKILL.md).
  - Sanitization: There is no evidence of content sanitization or validation to prevent instructions embedded in LinkedIn messages from being interpreted as agent commands.
Audit Metadata