skills/svenja-dev/claude-code-skills/linkedin-engagement/Snyk

linkedin-engagement

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly navigates and scrapes public LinkedIn pages (e.g., hashtag feeds like "https://www.linkedin.com/feed/hashtag/manufacturing", individual post URLs) using Claude-in-Chrome and read_page/get_page_text to extract posts and comments — i.e., it ingests untrusted, user-generated third‑party content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill runtime navigates to and reads live LinkedIn pages (e.g. https://www.linkedin.com/feed/hashtag/manufacturing and other https://www.linkedin.com/post/profile/analytics URLs) to extract post content that is injected into the agent context to generate comments/analyses, meaning fetched external content directly controls prompts at runtime.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 15, 2026, 09:10 PM