Skills
skills/naveedharri/benai-skills/linkedin-post-engagers/Gen Agent Trust Hub

linkedin-post-engagers

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads data from Apify's official API (api.apify.com). This is a well-known service for data extraction and the traffic is directed to their standard dataset endpoints.
  • [COMMAND_EXECUTION]: Uses shell commands (curl) to fetch data and sleep for process synchronization. It also executes Python scripts to parse and deduplicate the downloaded JSON datasets. While the agent generates the script logic, it is based on templates provided in the skill instructions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of untrusted content from LinkedIn comments, reactions, and 'About' bios.
  • Ingestion points: External data enters the context via the dataset.json file containing scraped LinkedIn content (SKILL.md).
  • Boundary markers: The Python processing scripts do not implement specific delimiters or boundary markers to isolate untrusted data from the agent's instructions.
  • Capability inventory: The agent has the ability to execute shell commands (curl, bash) and run Python code (SKILL.md).
  • Sanitization: The skill author includes a specific 'Prompt Injection Warning' advising the agent to treat all scraped data as untrusted and to never execute instructions found in profile fields, which serves as a manual safety instruction.
Recommendations
  • HIGH: Downloads and executes remote code from: https://api.apify.com/v2/datasets/{DATASET_ID}/items - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
May 12, 2026, 03:09 AM