Skills
skills/cklxx/elephant.ai/moltbook-posting/Gen Agent Trust Hub

moltbook-posting

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGHDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the sensitive file path ~/.alex/config.yaml to read API keys and base URL configurations.
  • [DATA_EXFILTRATION]: Credential exposure risk exists because the skill sends the retrieved API key in the Authorization header to any URL specified in the MOLTBOOK_API_FALLBACK_URLS environment variable.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting untrusted data from the Moltbook API and Bing RSS fallback results.
  • Ingestion points: Untrusted external data is fetched in run.py via the feed and search actions.
  • Boundary markers: No boundary markers or protective instructions are implemented to prevent the agent from executing commands embedded in the retrieved content.
  • Capability inventory: The skill has the capability to perform network POST requests and read local configuration files.
  • Sanitization: No sanitization, filtering, or validation is performed on the data fetched from external sources before it is returned to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 15, 2026, 02:06 AM