syncx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Python script located at
scripts/publish_sync.pyto perform the publishing workflow. - [CREDENTIALS_UNSAFE]: The instructions direct the user to store sensitive platform credentials, including API keys and session cookies, in a local
.envfile for authentication. - [PROMPT_INJECTION]: The skill processes untrusted text input for publication without incorporating boundary markers or sanitization steps to mitigate potential indirect prompt injection. Ingestion point:
textinput in SKILL.md. Boundary markers: None identified. Capability inventory: Network communication for platform publishing via the entrypoint script. Sanitization: No sanitization logic described in the instructions.
Audit Metadata