Back to skill

Security audit

Skill Linkedin

Security checks across malware telemetry and agentic risk

Overview

The skill appears intended for LinkedIn outreach, but it asks for a sensitive LinkedIn session token and does not clearly bound how that account access is used.

Review carefully before installing. Only use it if you trust the publisher with access to your LinkedIn session, understand whether it can read connections or send messages, and are comfortable with the account-policy and privacy risks. Avoid providing a session token unless the skill documents token handling, no-logging behavior, retention, and requires your explicit review before any outreach is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list is broad enough to activate on generic LinkedIn-related discussion, which can cause the skill to engage outside its intended scope. Overbroad activation increases the chance of unintended prompt injection surface, irrelevant behavioral steering, and accidental processing of prospecting workflows when the user only mentioned LinkedIn in passing.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The description defines activation using expansive 'use when' statements without clear exclusion criteria, making routing ambiguous. In agent systems, ambiguous invocation rules can misfire this skill in unrelated contexts and expose users to unintended instructions, storage behaviors, or third-party API usage.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest uses very broad trigger language for LinkedIn outreach and lead-generation scenarios without defining meaningful boundaries, exclusions, or user-confirmation requirements. This can cause the skill to activate in contexts where users did not explicitly consent to outreach automation, increasing the chance of unintended message generation, spammy behavior, or misuse in social-engineering workflows.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill declares access to LINKEDIN_SESSION_TOKEN, which is a highly sensitive credential tied to a real LinkedIn account session, but the manifest provides no warning about privacy, account risk, storage limits, or transmission behavior. If mishandled or exposed, this token could allow account takeover-like access, impersonation, scraping, messaging abuse, or violation of platform policies.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.