linkedin-profile-post-scraper
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script scrape_linkedin_posts.py performs network requests to api.apify.com and api.gooseworks.ai to interact with the Apify platform. Authentication tokens are transmitted via query parameters, which is the standard protocol for the Apify API.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves untrusted content from external LinkedIn profiles.
- Ingestion points: Data is fetched from LinkedIn via the Apify actor's dataset results in scripts/scrape_linkedin_posts.py.
- Boundary markers: The scraped content is provided to the agent without boundary markers or instructions to ignore embedded commands.
- Capability inventory: The agent can read and process the output, which may contain instructions that could influence subsequent agent actions.
- Sanitization: The script performs no sanitization or filtering of the scraped text to neutralize potential prompt injection instructions.
Audit Metadata