kol-content-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external social media feeds and processes it to generate reports and content suggestions.
- Ingestion points: LinkedIn posts and Twitter/X tweets retrieved in Phase 1 and Phase 2.
- Boundary markers: The skill description does not specify the use of delimiters or instructions to ignore embedded commands when processing the scraped text.
- Capability inventory: The skill writes generated intelligence reports to the local filesystem and proposes content hooks and strategies based on the ingested data.
- Sanitization: There is no mention of sanitizing or filtering the external content to prevent instructions from being interpreted as agent commands.
- [COMMAND_EXECUTION]: The skill uses shell commands to invoke scraping scripts with parameters derived from configuration files or user input.
- Evidence: Execution of `python3 skills/linkedin-profile-post-scraper/scripts/scrape_linkedin_posts.py` and `python3 skills/twitter-scraper/scripts/search_twitter.py` within the workflow logic.
- [EXTERNAL_DOWNLOADS]: The skill facilitates communication with external scraping infrastructure to retrieve data.
- Evidence: Use of the `APIFY_API_TOKEN` environment variable indicates network operations targeting Apify services for data extraction.