social-media
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill creates a surface where data fetched by a research subagent is saved to a file and then read by the main agent without boundary markers or instructions to ignore embedded commands. Evidence: (1) Ingestion points: research/[slug].md; (2) Boundary markers: Absent; (3) Capability inventory: Tool execution (task, generate_social_image) and file writes; (4) Sanitization: Absent.
- Data Exposure & Exfiltration (LOW): The skill uses a user-influenced [slug] variable to construct file system paths. Without explicit sanitization instructions, this creates a potential surface for path traversal if the underlying agent does not have built-in directory restrictions.
Audit Metadata