social-content
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown content and templates. No executable scripts, binaries, or automation code are present, which mitigates risks related to command execution, privilege escalation, or persistence.
- [PROMPT_INJECTION]: The skill adopts a persona-based instruction set ('expert social media strategist') to guide behavior. These instructions are standard for specialized agents and do not attempt to bypass safety filters or ignore system instructions.
- [PROMPT_INJECTION]: The 'Reverse Engineering' framework introduces an attack surface for indirect prompt injection by instructing the agent to analyze external content (scraped social media posts).
- Ingestion points: External content from social media platforms and user-provided business context (SKILL.md).
- Boundary markers: The instructions lack explicit delimiters or warnings to treat external data as untrusted content.
- Capability inventory: No technical capabilities such as file system access or network operations are defined in this skill; the scope of influence is limited to the generated response.
- Sanitization: The skill does not specify any methods for validating or escaping external data before processing.
- [EXTERNAL_DOWNLOADS]: The documentation mentions third-party services like Apify and Phantom Buster for research purposes. These are presented as manual tool recommendations for the user rather than automated scripts for the agent to execute, posing no direct security threat.
Audit Metadata