social-calendar-system
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill is designed to process external social media performance metrics, sentiment scores, and content from a prompt library. There are no boundary markers or sanitization steps defined for these ingestion points.
- Ingestion points: Performance packets, sentiment summaries, and the
@puerto/README.mdprompt library. - Capability inventory: The skill can pause channel queues, notify directors, and trigger automation scripts.
- Command Execution (MEDIUM): The 'Guardrail Actions' section explicitly mentions triggering 'Playwright-driven QA' if landing page links change. Playwright is a browser automation tool that executes code/scripts. If the landing page links are sourced from untrusted data or if the automation script is not strictly controlled, this could be exploited to perform SSRF or other browser-based attacks.
- External Downloads (LOW): The skill references an external prompt library at
@puerto/README.md. While this appears to be a documentation reference, it introduces a dependency on external content that the agent is instructed to use for LinkedIn, X, and TikTok content generation.
Audit Metadata