linkedin-post-research
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted LinkedIn post content, representing an indirect prompt injection surface.
  - Ingestion points: Reads author names and post text from api.crustdata.com in scripts/search_posts.py.
  - Boundary markers: Untrusted data is not wrapped in boundary markers that would keep an agent from parsing it as commands.
  - Capability inventory: The script supports writing output to local files via the --output-file argument.
  - Sanitization: Data is truncated for preview but is not sanitized against security vulnerabilities.
- [DATA_EXFILTRATION]: The script communicates with api.crustdata.com to retrieve LinkedIn data. This is a non-whitelisted domain used for legitimate skill functionality.
- [EXTERNAL_DOWNLOADS]: The skill depends on the 'requests' Python package for network operations.