linkedin-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes workflows that ingest external data from LinkedIn, creating a potential surface for indirect prompt injection.\n
- Ingestion points: Data enters the context via tools like LINKEDIN_GET_MY_INFO and LINKEDIN_GET_COMPANY_INFO in SKILL.md.\n
- Boundary markers: The instructions lack delimiters or specific prompts to ignore instructions within the ingested data.\n
- Capability inventory: The agent can perform write actions such as LINKEDIN_CREATE_LINKED_IN_POST and LINKEDIN_CREATE_COMMENT_ON_POST.\n
- Sanitization: There is no mention of sanitizing external LinkedIn content before processing.\n- [EXTERNAL_DOWNLOADS]: The skill instructs users to configure an external MCP server using the endpoint https://rube.app/mcp. This represents an external dependency for the toolkit's functionality.
Audit Metadata