Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/typefully_scheduler.pyto manage LinkedIn posts. The script is implemented using standard Python libraries and performs no unsafe subprocess operations. - [DATA_EXFILTRATION]: Post content is transmitted to the official Typefully API at
api.typefully.com. This is a well-known service and the communication is essential for the skill's primary function of scheduling social media content. - [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill processes user-provided topics for post generation. This risk is mitigated by a mandatory human-in-the-loop approval step in the workflow.
- Ingestion points: User-provided topic for LinkedIn posts.
- Boundary markers: No explicit delimiters are used when interpolating user input into the drafting prompt.
- Capability inventory: Execution of a Python script with network access and local file read access.
- Sanitization: The generated draft must be reviewed and approved by the user before being scheduled via the API.
Audit Metadata