social-posts
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute complex `ffmpeg` commands for video processing, including text overlays and transitions. It also uses the macOS `open` command to launch Google Chrome with specific profile directories and URLs for social media platforms.
- [EXTERNAL_DOWNLOADS]: The skill connects to Google Gemini API endpoints (`generativelanguage.googleapis.com`) to generate content, images, and video. It also downloads video assets from URIs returned by these services using `urllib.request`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Reads a brand context file (`product-marketing-context.md`) and accepts arbitrary user-provided topics and angles.
  - Boundary markers: Absent. The skill does not define clear delimiters for external data or instructions to ignore embedded commands.
  - Capability inventory: The skill can execute shell commands via `ffmpeg`, run Python code for media manipulation and API requests, write files to the local system (`generated-assets/`, `post-history/`), and control the web browser via the `open` command.
  - Sanitization: No validation or sanitization of ingested content is specified before the data is used in prompts or command templates.
Audit Metadata