buffer
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including curl, cat, and jq to facilitate GraphQL API requests. It uses cat to safely create temporary JSON payloads and jq to process responses.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to the official Buffer API endpoint at https://api.buffer.com. These operations are essential for the skill's functionality and target a well-known service.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes content from external social media channels.
  - Ingestion points: API response data retrieved from the Buffer API via curl commands in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are used in the current prompt templates.
  - Capability inventory: Execution of curl, cat, and jq commands as defined in the skill's configuration.
  - Sanitization: Structured parsing is performed via jq to extract specific fields, but no additional content sanitization or escaping is applied to the received data strings.
Audit Metadata