keyapi-linkedin-user-analytics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly calls the KeyAPI LinkedIn MCP server (https://mcp.keyapi.ai/linkedin/mcp) to fetch LinkedIn user-generated content (e.g., get_user_posts, get_user_comments, get_user_profile) as shown in SKILL.md and scripts/run.js, and then parses and synthesizes those live responses into reports and follow-up actions—exposing the agent to untrusted third-party content that can influence subsequent behavior.