facebook-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill facilitates interaction with untrusted external data from Facebook, which could potentially contain malicious instructions designed to influence agent behavior.
- Ingestion points: The skill fetches data from Facebook pages, posts, comments, and insights via the
rubeMCP server. - Boundary markers: Absent. The skill does not provide specific instructions or delimiters to help the agent distinguish between its own operational instructions and the data retrieved from external sources.
- Capability inventory: The skill includes significant write capabilities, such as creating and scheduling posts, replying to comments, and managing ad accounts.
- Sanitization: Absent. No sanitization or validation logic is defined for the external content processed by the skill.
- [NO_CODE]: This skill consists purely of configuration metadata and natural language instructions. It does not ship with any scripts, binaries, or executable code, reducing its direct attack surface.
- [SAFE]: No malicious patterns, such as hardcoded credentials, obfuscated code, or unauthorized exfiltration attempts, were detected. The use of external resources is consistent with the skill's primary purpose of Facebook automation.
Audit Metadata