LinkedIn Skill

Pass

Audited by VirusTotal on May 11, 2026.

Findings (1)

The skill instructs the agent to install an external npm package (`@linkedapi/linkedin-cli`) via `npm install -g` in `SKILL.md`. This introduces a supply chain risk, as the integrity of the external package cannot be guaranteed by the skill bundle itself. Additionally, the skill requires the user to provide sensitive API tokens (`Linked API Token`, `Identification Token`) for authentication with an external service (`app.linkedapi.io`), which the agent is then instructed to use. While the instructions do not show explicit malicious intent (e.g., no prompt injection to steal data or subvert the agent), the reliance on an external executable and the handling of sensitive credentials constitute meaningful high-risk behaviors, classifying it as suspicious rather than benign.