linkedin-content
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted data and has functional capabilities for external actions.
  - Ingestion points: External data enters the agent's context through the output of `infsh app run tavily/search-assistant` used for researching content patterns (SKILL.md).
  - Boundary markers: The skill lacks explicit instructions or delimiters to isolate retrieved search data, which could allow the agent to inadvertently follow instructions embedded in external content.
  - Capability inventory: The skill is configured with the `infsh` CLI, which allows for subprocess execution of various applications, including posting content to social media platforms like X (x/post-create) and image generation.
  - Sanitization: No sanitization, filtering, or validation mechanisms are defined for the external search data before it is utilized by the agent.
- [COMMAND_EXECUTION]: The skill utilizes the `infsh` command-line tool via Bash for legitimate operations such as authentication, web searching, and executing platform-specific apps. These operations are restricted to the vendor's environment and align with the skill's intended use.
- [EXTERNAL_DOWNLOADS]: The skill references several external components from the `inference-sh` organization to extend social media and content creation functionality. These references are considered safe as they originate from the platform's ecosystem.
Audit Metadata