pain-language-engagers
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from LinkedIn posts and comments, which presents a surface for indirect prompt injection. If an attacker-controlled post or comment contains malicious instructions, it could potentially influence the agent's behavior during subsequent processing steps.
- Ingestion points: External data is ingested from LinkedIn via the Apify API in
scripts/pain_language_engagers.py, specifically through post text, comments, and profile headlines. - Boundary markers: The skill does not employ specific boundary markers or "ignore instructions" delimiters when processing or outputting the ingested external content.
- Capability inventory: The skill has the capability to write to the local filesystem (CSV lead lists) and perform network operations via the Apify API.
- Sanitization: Content is processed for lead classification and CSV generation without robust sanitization against embedded prompt instructions.
- [COMMAND_EXECUTION]: The skill requires the agent to execute a local Python script (
scripts/pain_language_engagers.py) using command-line arguments, including a user-suppliedclient-nameused to construct file paths for configuration and output. - [DATA_EXFILTRATION]: The Python script retrieves a sensitive
APIFY_API_TOKENfrom a local.envfile to authenticate requests to the Apify platform atapi.apify.com. This is an expected use of a well-known service to support the skill's primary function. - [EXTERNAL_DOWNLOADS]: The skill fetches scraped data from LinkedIn (posts, reactions, and comments) using Apify's official API endpoints.
Audit Metadata