linkedin-connect
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection as it ingests untrusted data from user-provided CSV/TSV files and interpolates it directly into browser navigation commands and search queries.
- Ingestion points: User-provided spreadsheets (file.tsv) and external search results.
- Boundary markers: Absent; data is directly interpolated into tool calls.
- Capability inventory: Full browser automation (navigation, clicks, snapshots) and local file system write access.
- Sanitization: No validation or escaping of input data is performed.
- External Download / Dependencies (MEDIUM): The skill requires the 'OpenClaw Browser Relay' Chrome extension or an 'OpenClaw Isolated Browser'. These external requirements are not verified and manage active user sessions.
- Command Execution (MEDIUM): Uses browser tool calls to perform complex social actions. In an adversarial scenario involving indirect injection, this could be used to perform unauthorized actions on the user's LinkedIn account.
- Data Exposure (LOW): Accesses and stores PII from LinkedIn profiles locally. While functional, this represents a concentration of sensitive data.
Recommendations
- AI detected serious security threats
Audit Metadata