linkedin-recruiting

Pass

Audited by Gen Agent Trust Hub on Jul 5, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests untrusted data from LinkedIn profiles, email digests, and resumes, which is then interpolated directly into the prompt context for the LLM during the triage process in lr/triage.py.
  • Ingestion points: LinkedIn applicant names, headlines, locations, screening question answers (extracted in lr/ingest_applicants.py), and resume text excerpts.
  • Boundary markers: Absent. The triage prompt template (prompts/triage_batch.tmpl) and system prompt do not utilize specific delimiters or instructions to ignore instructions embedded within the candidate data.
  • Capability inventory: The skill has the capability to write to the local file system (Obsidian vault), execute shell commands via subprocess.run, and perform browser automation via Playwright.
  • Sanitization: The skill does not perform specific sanitization or filtering of the external content before passing it to the model, relying only on standard JSON serialization.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in lr/claude_client.py and lr/shell.py to execute system commands. It specifically calls the claude CLI with the --dangerously-skip-permissions flag to automate model interactions and interacts with sibling skills like gmail-skill. It also performs dynamic JavaScript execution within a browser context via page.evaluate in lr/ingest_applicants.py to extract applicant details and fetch resume data.
  • [DATA_EXFILTRATION]: The skill accesses a local Obsidian vault (VAULT_ROOT) and potentially sensitive files such as Comp Analysis.md defined in lr/config.py. While this is part of its recruiting workflow, it involves reading from and writing to sensitive user directories. Additionally, applicant data and resume excerpts are transmitted to an external LLM provider for analysis.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 5, 2026, 06:05 PM
Security Audit — agent-trust-hub — linkedin-recruiting