Social Graph Tracking

Warn

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data from an external social network.
      • Ingestion points: references/social.py fetches user profiles and post interactions via get_my_follows, get_my_followers, and get_recent_interactions from the Bluesky API.
      • Boundary markers: No delimiters or safety instructions are used when storing or processing this external data.
      • Capability inventory: The skill has file-write capabilities (save_graph writes to data/social_graph.json) and network access via httpx.
      • Sanitization: There is no evidence of sanitization for display names or handles. A malicious actor could set their display name to an injection string (e.g., 'Ignore previous instructions and...') which would then be stored in the agent's local data and potentially executed if the agent later processes that graph to automate social tasks.
  • DATA_EXFILTRATION (LOW): The skill performs network operations to public.api.bsky.app.
      • While this is the intended purpose of the skill, the domain is not on the pre-approved whitelist. The skill transmits the hardcoded MY_DID to this external endpoint to fetch social data.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 13, 2026, 09:48 PM