lead-research
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from external LinkedIn profiles and uses it to generate suggestions and analysis.
  - Ingestion points: Step 3 and Step 4 extract personal bios, posts, and articles from LinkedIn profiles using the `read_page` tool.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to isolate the untrusted LinkedIn data from the primary task instructions.
  - Capability inventory: The skill has the ability to read and write to the local file system (specifically the `.business_growth/` directory), navigate the web, and capture screenshots.
  - Sanitization: The skill does not specify any sanitization, filtering, or validation of the content retrieved from LinkedIn before processing it.
- [COMMAND_EXECUTION]: The skill utilizes the `computer` tool for taking screenshots and scrolling through pages. While intended for verifying profile loads and gathering activity data, these capabilities represent a broader permission set for interacting with the user's environment.
Audit Metadata