kol-engager-icp
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted content from external sources.
  - Ingestion points: The skill retrieves LinkedIn post text and user comments using Apify actors in scripts/kol_engager_icp.py (e.g., scrape_kol_posts and scrape_engagers).
  - Boundary markers: No delimiters or safety instructions are used when processing or exporting the scraped text.
  - Capability inventory: The skill allows execution of Python scripts that perform network operations and file system writes.
  - Sanitization: Scraped content, including user-generated comments, is stored and exported without sanitization or validation.
- [COMMAND_EXECUTION]: The skill operates by executing a local Python script (scripts/kol_engager_icp.py) to orchestrate a multi-step data processing pipeline. This script manages API calls, data filtering, and file exports.
- [DATA_EXFILTRATION]: The script performs network requests to api.apify.com to fetch scraping results. This communication is authenticated using an API token and targets a well-known service, which is consistent with the skill's intended functionality.