kol-content-monitor
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the ingestion and processing of untrusted content from LinkedIn and Twitter.
  - Ingestion points: External data enters the agent context via social media post scrapers (`scrape_linkedin_posts.py` and `search_twitter.py`).
  - Boundary markers: The instructions do not define delimiters or specific boundary markers to separate the untrusted scraped text from the agent's internal analysis logic.
  - Capability inventory: The skill has the capability to execute shell commands (running Python scripts) and write to the local file system (`clients/<client-name>/intelligence/`).
  - Sanitization: There is no mention of sanitizing or filtering the scraped content for embedded instructions before it is used for topic clustering or generating content recommendations.
- [COMMAND_EXECUTION]: The skill relies on executing external Python scripts provided by the `linkedin-profile-post-scraper` and `twitter-scraper` skills. While these are documented dependencies, the safety of the `kol-content-monitor` skill depends on the integrity and security of these upstream scripts.