linkedin-automator
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to processing external web content.
  - Ingestion points: Untrusted data is ingested from the LinkedIn feed (scripts/engage.sh), analytics dashboards (scripts/analytics.sh), and trending news sections (scripts/ideas.sh).
  - Boundary markers: The instructions do not define clear delimiters or include warnings for the agent to ignore or isolate instructions that may be embedded in the fetched LinkedIn content.
  - Capability inventory: The skill enables the agent to perform actions such as posting content, writing comments, and reacting to posts on LinkedIn via the browser tool.
  - Sanitization: There is no logic for sanitizing, escaping, or validating the content retrieved from LinkedIn before it is used to influence the agent's generated output or actions.
Audit Metadata