Skills
skills/gooseworks-ai/goose-skills/linkedin-post-research/Gen Agent Trust Hub

linkedin-post-research

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches and processes text from LinkedIn posts, which are untrusted external sources. If an agent processes a post containing malicious instructions, it might inadvertently execute them. \n
  • Ingestion points: Data is retrieved from the Apify API in scripts/search_posts.py. \n
  • Boundary markers: The processing logic lacks explicit delimiters or instructions to the agent to disregard embedded commands in the scraped content. \n
  • Capability inventory: The script has network access via the requests library and can write search results to the local filesystem if the --output-file argument is specified. \n
  • Sanitization: No content sanitization or instruction filtering is performed on the fetched LinkedIn post text before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 10:48 AM