signal-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during the LinkedIn content analysis phase.
- Ingestion points: Untrusted data is ingested from external LinkedIn posts via Apify scraping actors in the `scan_linkedin_content` function of `scripts/signal_scanner.py`.
- Boundary markers: The scraped post content is inserted into an LLM prompt using only basic text labels ("LinkedIn post:") without robust delimiters or instructions to ignore embedded commands.
- Capability inventory: The script performs write operations to a Supabase database, including inserting signals and updating lead statuses, which are used to trigger downstream outreach actions.
- Sanitization: The input is sliced to a maximum length of 1000 characters, but no further sanitization or instruction-filtering is applied to the external content before it is processed by the LLM.
Audit Metadata