linkedin-scraper
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external LinkedIn profiles, company pages, and posts, creating a surface for indirect prompt injection. Ingestion points include profile summaries, headlines, and post text retrieved from the API. No boundary markers or sanitization logic were identified to isolate this external content from the agent's instructions. The skill possesses capabilities for shell command execution via curl and python3.
- [COMMAND_EXECUTION]: The skill executes shell commands to manage authentication and interact with the backend API. It uses python3 to extract keys from ~/.gooseworks/credentials.json and curl to send POST requests to the API endpoints.
- [EXTERNAL_DOWNLOADS]: The skill documentation refers to using npx to install tools or authenticate, which involves the download and execution of remote packages from the npm registry.
Audit Metadata