social-publisher
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (flags: PROMPT_INJECTION, NO_CODE)
Full Analysis
- [NO_CODE]: The skill documentation consists of YAML metadata and Markdown descriptions of workflows. No executable scripts, binaries, or active code files are included in the skill package.
- [PROMPT_INJECTION]: The skill defines workflows that ingest untrusted data from external sources (Google Drive filenames) and inject it directly into LLM prompts to generate captions.
  - Ingestion points: Filenames are extracted from a Google Drive trigger in `SKILL.md`.
  - Boundary markers: The prompts in the `generate_captions` step (e.g., 'Create a TikTok caption for video: {filename}') lack delimiters or instructions to ignore potential commands embedded within the filename.
  - Capability inventory: The skill possesses significant capabilities, including tools for publishing content to TikTok, Instagram, YouTube, LinkedIn, and Twitter/X.
  - Sanitization: No sanitization or validation logic is present to filter malicious instructions contained in the source file metadata.
Audit Metadata