Skills
skills/akhy/agent-skills/buffer/Gen Agent Trust Hub

buffer

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script utilizes curl and jq for API communication and response parsing. Input parameters are safely passed to jq using arguments to prevent shell command injection.\n- [DATA_EXFILTRATION]: The skill transmits social media content and metadata to api.buffer.com. This is the documented and expected endpoint for the Buffer service, and the data sent corresponds to the skill's purpose of managing social media posts.\n- [PROMPT_INJECTION]: The skill ingests untrusted text data (post content and idea details) which could contain malicious instructions designed to influence the agent's behavior during social media management tasks.\n
  • Ingestion points: The --text parameter in create-post and --title/--text parameters in create-idea within scripts/buffer.sh.\n
  • Boundary markers: The script does not implement delimiters or safety warnings for the ingested text.\n
  • Capability inventory: The skill has network access via curl to api.buffer.com and local execution capabilities via jq.\n
  • Sanitization: Data is JSON-encoded via jq before transmission to prevent structure breakage, but instructions are not filtered or sanitized.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 08:13 AM