linkedin-cli
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends the global installation of the third-party NPM package `@linkedapi/linkedin-cli` to enable its functionality.
- [COMMAND_EXECUTION]: All LinkedIn operations (searching, fetching, messaging, posting) are performed by executing shell commands via the `linkedin` CLI tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from LinkedIn (such as user profiles, post content, and messages) and has the capability to perform state-changing actions.
  - Ingestion points: Untrusted data enters the agent context via `linkedin person fetch`, `linkedin post fetch`, and `linkedin message get` (SKILL.md).
  - Boundary markers: The instructions do not define boundary markers or provide warnings to the agent to ignore instructions embedded in the fetched LinkedIn data.
  - Capability inventory: The skill possesses the ability to send messages (`linkedin message send`), create posts (`linkedin post create`), and send connection requests (`linkedin connection send`) (SKILL.md).
  - Sanitization: There is no evidence of sanitization or validation performed on the external content before it is processed by the agent.
- [CREDENTIALS_UNSAFE]: The skill requires users to manually provide sensitive 'Linked API Tokens' and 'Identification Tokens' during the setup process, which are then stored and used by the CLI tool for authentication.
Audit Metadata