Skills
skills/varnan-tech/opendirectory/linkedin-post-generator/Gen Agent Trust Hub

linkedin-post-generator

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its content ingestion workflow.
  • Ingestion points: In SKILL.md (Step 1), the agent is instructed to fetch and extract content from user-provided URLs, such as blog posts and GitHub Pull Requests.
  • Boundary markers: There are no explicit instructions or delimiters defining boundaries between the skill's system instructions and the untrusted content fetched from the external sources.
  • Capability inventory: The skill has the capability to write to an external platform (LinkedIn) via the linkedin_create_linkedin_post tool integrated with Composio (Step 8).
  • Sanitization: No sanitization, escaping, or explicit 'ignore embedded instructions' directives are provided to protect against malicious instructions hidden in the fetched content.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to download content from arbitrary external domains.
  • In SKILL.md (Step 1), the logic includes fetching the body text and metadata from blog/article URLs and GitHub PR URLs provided by the user.
  • [COMMAND_EXECUTION]: The skill utilizes a tool-based approach to execute actions on an external service.
  • In SKILL.md (Step 8), the agent calls the linkedin_create_linkedin_post action to programmatically publish generated posts, which represents an execution path to an external API service.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 07:34 PM