linkedin-outreach
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill operates via a local Python CLI (
scripts/linkedin_outreach.py) that executes various automation tasks, including driving a visible Chromium browser via Playwright. All material actions (scouting, reviewing, and sending) are handled through shell command invocations. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
playwrightPython library and the subsequent download of browser binaries (Chromium) to function. These are standard dependencies for the claimed purpose. - [DATA_EXPOSURE]: The skill manages sensitive data, including LinkedIn browser session cookies and persistent lead databases. The script is designed to store this data locally in the user's home directory (
~/.linkedin-outreach/) and explicitly avoids any external exfiltration or cloud synchronization. - [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted text from LinkedIn search results, posts, and comments to facilitate AI-driven lead scoring and personalized messaging.
- Ingestion points: Data is pulled from LinkedIn search and post comments within the
scout-search,scout-activity, andscout-comment-keywordfunctions. - Boundary markers: No specific delimiters or "ignore previous instructions" markers are applied to the scraped content before it is passed to the agent.
- Capability inventory: The skill has the capability to send connection requests and direct messages (
connectanddmcommands). - Sanitization: Basic text normalization (whitespace removal) is performed, but no specialized sanitization against LLM-targeted injection is implemented.
Audit Metadata