linkedin-post
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes user-provided audit data and context to generate social media posts. This creates a surface for indirect injection if the provided data contains malicious instructions. However, because the skill's capability is limited to generating text for the user to review and manually copy-paste, the threat is considered low risk.
- [External Downloads] (SAFE): While the metadata mentions an external MCP server reference (@clawfu/mcp-skills), the skill itself does not execute any download commands or pull remote scripts.
- [General Security] (SAFE): No evidence of prompt injection, data exfiltration, obfuscation, or persistence mechanisms was found. The skill operates within the expected boundaries of a content generation tool.
Audit Metadata