Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the
linkedinCLI tool to perform actions on the LinkedIn platform. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of external data.
- Ingestion points: Untrusted content is retrieved from LinkedIn profiles, messages, and posts via commands such as
linkedin person fetch,linkedin message get, andlinkedin post fetch(SKILL.md). - Boundary markers: There are no specified delimiters or instructions to the agent to differentiate between the fetched content and its core operating instructions.
- Capability inventory: The skill provides several active capabilities, including sending messages (
linkedin message send), creating posts (linkedin post create), and managing connection requests (linkedin connection send), which could be misused if influenced by malicious input. - Sanitization: The instructions do not define any sanitization or validation procedures for the data retrieved from LinkedIn before it is processed by the agent.
Audit Metadata