linkedin-sales-navigator-alt-skill
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from external sources without proper sanitization.
  - Ingestion points: Publicly available LinkedIn profiles, recent posts, and company news.
  - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat external data as untrusted.
  - Capability inventory: The skill has the capability to write to the local filesystem.
  - Sanitization: Absent. The skill provides no mechanisms for filtering or escaping content retrieved from external LinkedIn profiles before it enters the agent's context.
- [COMMAND_EXECUTION]: The skill contains instructions for unauthorized file system access by writing metadata to a hidden directory.
  - Evidence: The workflow concludes with a mandatory step to write a JSON sidecar file to '~/.claude/skill-analytics/last-outcome-linkedin-sales-navigator-alt.json', which is outside the expected scope of a lead generation task.