linkedin-creator
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting untrusted data during Phase 1 (Audience, Goal & Voice Audit) to generate tailored content. The absence of explicit boundary markers or sanitization could allow malicious instructions within the audit data to influence the agent's behavior. \n
- Ingestion points: Phase 1 (Audience, Goal & Voice Audit) in SKILL.md. \n
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the ingested content. \n
- Capability inventory: Access to bash, git, and file system operations as listed in the technical deliverables section. \n
- Sanitization: No input validation or sanitization logic is implemented for user-supplied profiles. \n
- [COMMAND_EXECUTION]: The skill explicitly documents the availability of high-privilege tools including bash, git, and file operations. While these are intended for legitimate project management, they increase the impact of potential injection vulnerabilities.
Audit Metadata