quote-repost

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted data from external sources, creating a surface for indirect prompt injection.
      • Ingestion points: WORKFLOW.md defines steps to receive X/Twitter URLs, copied post text, and external article URLs.
      • Boundary markers: There are no instructions in SKILL.md or WORKFLOW.md to use delimiters or specifically warn the agent to ignore instructions embedded within the fetched external content.
      • Capability inventory: The skill uses a WebFetch tool to retrieve external data and generates text content intended for user consumption (copying to clipboard).
      • Sanitization: No sanitization, filtering, or validation of the external content is implemented before processing.
  • [Data Access] (INFO): The skill utilizes network capabilities to fetch data from external URLs as specified in WORKFLOW.md. This is inherent to its function but should be noted as it involves communication with external domains.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 17, 2026, 08:02 AM