linkedin

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs extracting the li_at session cookie value and storing/using it for API requests, which requires copying and embedding a secret value verbatim and therefore exposes credentials.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to use the browser tool to navigate to and snapshot LinkedIn pages (e.g., https://www.linkedin.com/messaging/, /in/USERNAME/, search results), which fetches untrusted, user-generated content that the agent is expected to read and could influence subsequent actions like messaging or profile interactions.