linkedin-message-writer
Warn
Audited by Snyk on Jul 2, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The skill uses Apify actors to scrape each lead’s LinkedIn profile and (optionally) recent post text at runtime, and that scraped free-form post body content is then ingested into the agent to generate personalized messages—an outsider-authored source (public LinkedIn posts) via the Apify “dataset items” results.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill performs runtime calls to Apify (e.g. https://api.apify.com/v2/acts/harvestapi~linkedin-profile-scraper/runs?token=$APIFY_API_TOKEN and https://api.apify.com/v2/acts/harvestapi~linkedin-profile-posts/runs?token=$APIFY_API_TOKEN), and the returned profile/post content is injected into prompts to generate personalized messages while the skill requires the APIFY_API_TOKEN, so external data directly controls the agent's outputs.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata