linkedin-automation
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from LinkedIn and has the capability to perform state-changing actions.
  - Ingestion points: Profile and organization data retrieved via LINKEDIN_GET_MY_INFO and LINKEDIN_GET_COMPANY_INFO (SKILL.md).
  - Boundary markers: No explicit instructions or delimiters are provided to the agent to distinguish between system instructions and data retrieved from the LinkedIn API.
  - Capability inventory: The skill allows creating posts (LINKEDIN_CREATE_LINKED_IN_POST), commenting (LINKEDIN_CREATE_COMMENT_ON_POST), and deleting content (LINKEDIN_DELETE_LINKED_IN_POST).
  - Sanitization: No evidence of sanitization or validation of the retrieved data before it is used in subsequent prompts or tool calls.
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure an external MCP server endpoint (https://rube.app/mcp). While necessary for the skill's functionality, this introduces a dependency on a third-party service not listed as a trusted vendor.
Audit Metadata