social-media-management

Fail

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a bash script for batch content creation that is vulnerable to shell command injection. The '$topic' variable is interpolated directly into a shell command without sanitization, allowing for arbitrary command execution if an attacker provides a topic name containing shell metacharacters like backticks or command substitution sequences.
  • [COMMAND_EXECUTION]: The instructions encourage the use of an unverified third-party CLI utility named 'infsh'. Running unverified binaries or CLI tools on a system presents a significant security risk, as the tool may contain malicious code or perform unauthorized actions.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of remote AI models (Google Veo, Fal.ai Flux, and OpenRouter Claude) via the 'infsh' utility, which involves sending data to and receiving executable-like results from external endpoints.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from a local file ('.claude/product-marketing-context.md') and incorporates user-provided topics into AI prompts without sanitization or boundary markers.
      • Ingestion points: .claude/product-marketing-context.md
      • Boundary markers: Absent
      • Capability inventory: CLI execution via 'infsh'
      • Sanitization: Absent
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 13, 2026, 07:44 AM