connections-optimizer
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses personal connection inventories and interaction histories from X and LinkedIn platforms. This involves sensitive social graph data, but the use is aligned with the skill's purpose and mitigated by safety defaults that require human review before any connection pruning or data modification occurs.
- [COMMAND_EXECUTION]: Desktop automation is used to draft emails in Apple Mail/Mail.app, and browser control is utilized for managing LinkedIn connections. These powerful capabilities are restricted by the workflow which mandates the agent provides a 'Review Pack' for user approval before any automated step is applied.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external social media profiles, creating a surface for indirect prompt injection attacks.
- Ingestion points: User profile bios, account activity, and network metadata retrieved via X API and browser-based LinkedIn inspection (SKILL.md).
- Boundary markers: No specific delimiters or instructions are used to isolate retrieved profile data from the agent's core processing logic (SKILL.md).
- Capability inventory: The agent can draft messages in X DMs, LinkedIn, and Apple Mail, and propose changes to follow/connection lists (SKILL.md).
- Sanitization: No sanitization or validation of the retrieved profile content is documented before it is analyzed for scoring or message generation (SKILL.md).
Audit Metadata