linkedin-followup

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection through LinkedIn conversation threads.
      • Ingestion points: LinkedIn message threads are scraped using JavaScript in references/browser-workflow.md.
      • Boundary markers: None identified. The agent is instructed to read the thread and respond directly to the last message.
      • Capability inventory: The skill can send messages via browser automation (browser action=act) and update Google Sheets via the gog CLI.
      • Sanitization: No sanitization or validation of the received message content is performed before processing or using it to generate responses.
  • COMMAND_EXECUTION (MEDIUM): The skill uses dynamic JavaScript evaluation to interact with the browser.
      • Evidence: references/browser-workflow.md contains multiple browser action=act calls with kind: evaluate, which executes code to scrape messages and click buttons.
      • Risk: While necessary for automation, this provides a powerful primitive that could be exploited if the agent is subverted.
  • EXTERNAL_DOWNLOADS (MEDIUM): Dependency on an unverified third-party binary gog.
      • Evidence: SKILL.md lists gog as a required binary and provides instructions for OAuth setup.
      • Risk: The skill relies on an external utility with no verified source or integrity check provided within the instruction set.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 14, 2026, 02:13 PM