social-scraping
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
agentcash.fetchto interact with external APIs atstablesocial.dev. These network operations are the primary function of the skill for data retrieval and do not target sensitive local files or private credentials. - [COMMAND_EXECUTION]: The documentation includes a setup command for the
agentcashtool (npx agentcash@latest install). This is a standard installation procedure for the required tool and is not malicious. - [DATA_EXFILTRATION]: No evidence of sensitive data exfiltration (such as SSH keys, AWS credentials, or environment variables) was found. The data being processed is public social media information requested by the user.
- [PROMPT_INJECTION]: The instructions do not contain attempts to override agent safety guidelines, system prompts, or persona restrictions.
- [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded API keys or secrets. It uses a token-based system for job polling, where tokens are dynamically generated by the service.
Audit Metadata