linkedin-profile-optimizer
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design. It processes content from user-provided LinkedIn profile links, external portfolio websites (GitHub, Behance), and uploaded CV files. This allows external, untrusted content to enter the agent's context, which could potentially contain hidden instructions intended to manipulate the agent's output. However, as this is the primary functionality of the skill and no malicious logic was identified, this is noted as an inherent risk rather than a violation.\n
- Ingestion points: Processes content from LinkedIn URLs, portfolio links, and CV files (SKILL.md).\n
- Boundary markers: The skill lacks explicit instructions to delimit or ignore potential commands embedded within external data sources.\n
- Capability inventory: The skill utilizes browsing capabilities to access external links for analysis.\n
- Sanitization: No specific validation or sanitization of ingested content is defined in the instructions.
Audit Metadata