launch-linkedin
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate marketing automation tasks, such as generating LinkedIn posts, checklists, and launch plans based on local product context files.
- [EXTERNAL_DOWNLOADS]: The skill instructions include a recommendation for the agent to provide an installation command (
npx skills add) that points to the author's official GitHub repository (https://github.com/ulpi-io/skills). This is a standard functional feature to help users install companion skills within the vendor's ecosystem. - [COMMAND_EXECUTION]: The skill mentions a shell command (
npx skills add) but only as a text recommendation for the user to follow. The agent does not have access to theShelltool, preventing automatic or silent execution. - [INDIRECT_PROMPT_INJECTION]: There is a potential attack surface because the skill reads external data (README files and website content) to generate marketing copy. However, the instructions include specific guardrails to ground all generated text in real product data and avoid inventing features, which mitigates the risk of following malicious instructions embedded in that data.
Audit Metadata