social-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by interpolating untrusted file metadata into generation prompts.
- Ingestion points: Filenames are ingested from a Google Drive folder ('/Ready to Publish') as shown in the 'google_drive' trigger configuration in SKILL.md.
- Boundary markers: Absent. The n8n configuration steps (e.g., 'Create a TikTok caption for video: {filename}') place the filename directly into the instructional text without delimiters or escaping.
- Capability inventory: The skill possesses significant capabilities via the 'social-media-mcp' server, including tools for uploading and posting content to TikTok, Instagram, YouTube, LinkedIn, and Twitter/X.
- Sanitization: Absent. The workflow does not include any validation or filtering steps for the filename variable before it is passed to the OpenAI/GPT-4 caption generation step.