Skills
skills/jarmen423/skills/postiz-cli-agents/Gen Agent Trust Hub

postiz-cli-agents

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the postiz CLI globally using standard package managers (npm, pnpm, or bun). This is a legitimate dependency for the skill's functionality, pulling from the official registry.
  • [COMMAND_EXECUTION]: The skill uses the postiz command-line tool to perform various API operations, such as listing integrations, creating posts, and uploading media. This is the primary intended use of the skill.
  • [DATA_EXFILTRATION]: The skill handles media uploads to the Postiz API via the postiz upload command. It demonstrates good security posture by explicitly instructing the user to never commit API keys or paste them into logs or chat outputs.
  • [PROMPT_INJECTION]: The skill ingests data from the Postiz API (e.g., integration lists and settings schemas). This represents an indirect prompt injection surface typical of API-interfacing skills.
  • Ingestion points: CLI output from postiz integrations:list and postiz integrations:settings (found in SKILL.md).
  • Boundary markers: None explicitly defined for CLI output parsing.
  • Capability inventory: Subprocess execution of postiz for creating/deleting posts and uploading files (found in SKILL.md and references/cli-command-reference.md).
  • Sanitization: Relies on jq for structured data selection and CLI-level validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 24, 2026, 12:35 AM