competitor-post-engagers
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Communicates with well-known services including the Apify API to retrieve LinkedIn scraping results and the Apollo API for company enrichment.
- [COMMAND_EXECUTION]: Executes a Python script (
competitor_post_engagers.py) to manage the data processing pipeline, including filtering, scoring, and exporting leads. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external LinkedIn profiles.
- Ingestion points: LinkedIn headlines, names, and comment text are ingested via the Apify dataset API in
scripts/competitor_post_engagers.py. - Boundary markers: None are present to distinguish between instructions and data in the processed content.
- Capability inventory: The skill possesses file writing capabilities (CSV export), network access (Apollo API), and script execution capabilities.
- Sanitization: Content is truncated for previews but no escaping or instruction-filtering is performed on the ingested text.
Audit Metadata