linkedin-ghostwriting
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user-supplied stories, metrics, and insights to generate LinkedIn posts, which creates a potential surface for indirect prompt injection attacks if malicious instructions are embedded in the user's data.
  - Ingestion points: User input is ingested during the 'Phase 1: Strategic Interview' described in SKILL.md, where the agent asks 8-14 questions to collect post material.
  - Boundary markers: The instructions do not specify the use of delimiters (like XML tags) or 'ignore' instructions to separate user-provided context from the agent's core operational logic.
  - Capability inventory: The skill has access to file system tools (Write, Edit, Read) and the Agent tool (used to invoke 'humanizer' skills), which could be potentially misused if the agent is manipulated via injected instructions.
  - Sanitization: There is no instruction for the agent to validate, escape, or sanitize the user-provided content before processing it into the post body.
Audit Metadata