linkedin-chrome
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from an external source.
  - Ingestion points: External data is ingested via LinkedIn comments and post content extracted from the activity page (SKILL.md).
  - Boundary markers: Absent. The instructions do not provide delimiters for external content or explicit warnings to the agent to ignore instructions embedded within comments.
  - Capability inventory: The skill possesses high-capability tools including browser automation (claude-in-chrome, chrome-devtools-mcp), file system read access for campaign memory, and the ability to perform web actions such as posting content and replying to users.
  - Sanitization: Absent. The extracted comment text is used directly for summarization and as the basis for drafting replies without validation or escaping.
Audit Metadata