Fail
Audited by Snyk on Mar 10, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt explicitly instructs extracting and storing the LinkedIn session cookie (li_at) for API requests, which would require the agent or user to handle and potentially embed that secret value verbatim—creating a strong exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to use the browser tool to navigate to and snapshot LinkedIn pages (e.g., https://www.linkedin.com/messaging/, /in/USERNAME/, search results), which fetches untrusted, user-generated content that the agent is expected to read and could influence subsequent actions like messaging or profile interactions.