x-posting

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • DATA_EXFILTRATION (MEDIUM): The skill accesses the sensitive .env file to retrieve the GETLATE_API_KEY and transmits it to a non-whitelisted external domain.
      • Evidence: The Python script in Step 6 uses load_dotenv to read the .env file and requests.post to send data to https://getlate.dev/api/v1 with the key in the Authorization header.
      • Risk: Accessing environment files combined with network requests is an exfiltration pattern. Severity is lowered to MEDIUM as this behavior is core to the skill's intended purpose of API integration.
  • PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the way it processes untrusted data.
      • Ingestion points: The workflow reads local podcast/blog files (Step 1) and searches the web for guest information (Step 2).
      • Boundary markers: Step 3 uses Markdown headers (## Source Content) to separate untrusted data in the sub-agent prompt but lacks secure delimiters or explicit instructions to ignore embedded commands within the source text.
      • Capability inventory: The agent has the ability to execute shell commands (python3 agents/post_tweet.py) and perform authenticated network requests via the provided Python snippets.
      • Sanitization: No sanitization or validation of the content extracted from external sources is performed before it is passed to the sub-agent prompt.
  • COMMAND_EXECUTION (SAFE): The skill uses standard shell commands (ls, head) for local file navigation and python3 for executing its own logic scripts. These are appropriate for the primary use case.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:49 PM