Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection. The skill is designed to ingest and act upon data from external LinkedIn pages, including messages and profiles, which are attacker-controlled sources. Maliciously crafted content in these areas could attempt to override agent instructions or trigger unauthorized actions.
- Ingestion points: LinkedIn profile pages (/in/USERNAME/), message threads (/messaging/), and search results.
- Boundary markers: The skill explicitly defines safety rules requiring explicit user approval for sending messages or connection requests.
- Capability inventory: The skill leverages the browser tool for navigation, screen snapshots, and interactive actions (click/type).
- Sanitization: No explicit sanitization or filtering of the ingested web content is described beyond the recommendation for human confirmation.
Audit Metadata