social-analytics
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMNO_CODEEXTERNAL_DOWNLOADS
Full Analysis
- NO_CODE (MEDIUM): The core logic file
scripts/main.pyreferenced inSKILL.mdis missing. Without this file, the analyzer cannot verify if the script performs unauthorized file access, exfiltrates sensitive environment variables, or contains malicious command execution patterns. - Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze untrusted content from social media platforms.
- Ingestion points: Profile data and posts retrieved via
requests,beautifulsoup4,tweepy, andinstaloader(as indicated by dependencies). - Boundary markers: Unknown due to missing script code.
- Capability inventory: Network access via Python libraries; standard subprocess execution.
- Sanitization: Unknown. Malicious instructions embedded in social media bios or posts could potentially influence the agent's summarized output or optimization suggestions.
- EXTERNAL_DOWNLOADS (LOW): The skill utilizes external libraries like
requestsand platform-specific API wrappers to download data. While the libraries themselves are standard, the source of the data (social media) is untrusted.
Audit Metadata