social-media-posting
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on various CLI tools to perform its actions, including
ffmpegfor media conversion,curlfor API interactions, andxurlfor social media automation. It also utilizes thepeekabootool for macOS UI automation andpbcopyfor system clipboard access, which are high-privilege operations. - [CREDENTIALS_UNSAFE]: The documentation includes specific instructions for scraping sensitive session data (
csrftoken,sessionid) from Chrome profiles to facilitate authenticated requests to Instagram. It also references the use of environment variables for Telegram and Discord bot tokens. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted content from social media posts and threads for deduplication and engagement purposes. Evidence:
- Ingestion points: Reading recent posts and active threads (documented in
SKILL.mdandreferences/engagement-playbook.md). - Boundary markers: No explicit instructions are provided to treat this external data as untrusted or to ignore embedded instructions.
- Capability inventory: The skill has significant capabilities including network requests (
curl), UI automation (peekaboo), and CLI command execution (xurl,ffmpeg). - Sanitization: No sanitization or filtering of the ingested social media content is mentioned before processing.
Audit Metadata