linkedin

Fail

Audited by Snyk on Mar 9, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to have the user provide the Linked API Token and Identification Token and to run a CLI command embedding those tokens as arguments (--linked-api-token=TOKEN --identification-token=TOKEN), which requires the LLM to handle and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). SKILL.md explicitly instructs the agent to fetch LinkedIn profiles, posts, comments, reactions and conversations (e.g., "linkedin person fetch ... --posts --comments", "linkedin post fetch ... --comments", "linkedin message get ..."), which are untrusted, user-generated third‑party content the skill ingests and that can directly influence follow‑on actions like sending messages, commenting, or running workflows.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 9, 2026, 08:15 PM