Skills
skills/varnan-tech/opendirectory/linkedin-job-post-to-buyer-pain-map/Gen Agent Trust Hub

linkedin-job-post-to-buyer-pain-map

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted job descriptions directly from LinkedIn. If these descriptions contain malicious instructions, the agent may follow them during analysis.
  • Ingestion points: SKILL.md (Steps 2c, 4, and 5) ingest raw job description text.
  • Boundary markers: None; the skill does not use specific delimiters or instructions to ignore embedded commands within the job text.
  • Capability inventory: The agent can execute shell commands (curl, mkdir, cat) and write files to the local directory.
  • Sanitization: No validation or sanitization of the input text is performed before it is sent to the LLM.
  • [COMMAND_EXECUTION]: The skill uses shell commands like curl and python3 to interact with the Gemini API and mkdir, cat, and sed to manage local files and directories (e.g., creating docs/pain-maps/). These operations are consistent with the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS]: The skill connects to Google's Gemini API (generativelanguage.googleapis.com) to analyze signals and generate content. This is a well-known and expected service for this type of agent skill.
  • [DATA_EXFILTRATION]: User-provided product information and the job posts being analyzed are sent to the Gemini API. This is the core functionality of the skill and is documented in the README and SKILL.md files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 05:51 PM
Security Audit — agent-trust-hub — linkedin-job-post-to-buyer-pain-map