linkedin

Fail

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill recommends a high-risk installation method where a shell script is downloaded from https://canifi.com/skills/linkedin/install.sh and piped directly to bash. This provides no mechanism for verification or auditing before arbitrary code is executed on the host system.
  • [CREDENTIALS_UNSAFE]: The setup process asks users to provide their LinkedIn email and password to be stored locally. Entrusting sensitive platform credentials to a setup environment created by unverified third-party scripts poses a high risk of credential exposure or theft.
  • [EXTERNAL_DOWNLOADS]: The skill depends on multiple scripts and configuration tools hosted on the non-whitelisted domain canifi.com, which bypasses standard package management and security review processes.
  • [COMMAND_EXECUTION]: Extensive use of shell commands for installation and environment variable configuration (canifi-env set) creates a large attack surface if the remote scripts are compromised or malicious.
  • [PROMPT_INJECTION]: The skill's core functionality involves processing untrusted data from LinkedIn, making it susceptible to indirect prompt injection.
    • Ingestion points: The agent reads user-generated content from the LinkedIn feed, profiles, and networking messages (SKILL.md).
    • Boundary markers: There are no instructions or delimiters in the skill definition to isolate external data from the agent's core behavioral instructions.
    • Capability inventory: The skill has significant capabilities, including browser automation to post content, send messages, and modify profile sections (SKILL.md).
    • Sanitization: The skill does not implement or describe any sanitization, filtering, or validation of the data retrieved from LinkedIn before it is used to influence the agent's actions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://canifi.com/skills/linkedin/install.sh, https://canifi.com/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 11, 2026, 08:49 PM