Skills
skills/sickn33/antigravity-awesome-skills/linkedin-cli/Gen Agent Trust Hub

linkedin-cli

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @linkedapi/linkedin-cli package from the public NPM registry and communicates with the app.linkedapi.io service to perform LinkedIn automation.
  • [COMMAND_EXECUTION]: The skill's primary functionality is built around executing shell commands using the linkedin CLI tool for profile fetching, messaging, and account management.
  • [CREDENTIALS_UNSAFE]: The setup process requires users to pass sensitive API and identification tokens as plain-text arguments to the linkedin setup command. This can result in credentials being stored in the user's shell history (e.g., ~/.bash_history), which is a security risk.
  • [PROMPT_INJECTION]: The skill processes untrusted data from LinkedIn, including profiles, posts, and messages. This creates an attack surface for indirect prompt injection:
  • Ingestion points: Content is retrieved via commands like person fetch, message get, and post fetch in SKILL.md.
  • Boundary markers: No delimiters or instructions are specified to prevent the agent from obeying instructions embedded in the retrieved data.
  • Capability inventory: The skill has extensive command execution capabilities through the linkedin tool.
  • Sanitization: There is no mention of sanitizing or escaping the retrieved external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 05:31 AM