linkedin-cli
Fail
Audited by Snyk on Feb 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt instructs the agent to have the user provide Linked API and Identification tokens and to run a setup command embedding them as command-line arguments (linkedin setup --linked-api-token=TOKEN --identification-token=TOKEN), which requires the LLM to include secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's commands (e.g., "linkedin person fetch https://www.linkedin.com/in/username --posts --comments" and "linkedin post fetch ") explicitly fetch public LinkedIn profiles, posts, comments and messages—user-generated, untrusted third-party content—which the SKILL.md instructs an AI agent to read/interpret and then orchestrate actions (send messages, comment, run workflows), allowing that external content to materially influence subsequent tool use.