linkedin-leads
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external LinkedIn posts and profiles.
- Ingestion points: Data is retrieved from external sources using scripts such as
@reduck/linkedin.com/get_post,@reduck/linkedin.com/get_post_reactors, and various profile enrichment scripts. - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded in the retrieved LinkedIn content.
- Capability inventory: The agent can perform Google searches and fetch detailed LinkedIn profile and company information. According to the skill description, it does not perform write actions like messaging.
- Sanitization: The skill does not describe any sanitization or validation of the retrieved text before it is evaluated for lead scoring.
- [COMMAND_EXECUTION]: The skill requires the user to run a local bridge command (
reduck local --cookies) to facilitate authenticated access to LinkedIn data, which establishes a dependency on an external local process.
Audit Metadata