noxinfluencer
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs and uses the
@noxinfluencer/clipackage. This is the official tool provided by the skill's author (NoxInfluencer) for interacting with their platform. - [COMMAND_EXECUTION]: The skill operates by executing local shell commands via the
noxinfluencerCLI. These commands are used for legitimate discovery, analysis, and monitoring tasks as described in the skill's documentation. - [PROMPT_INJECTION]: The skill processes data from external social media platforms (YouTube, TikTok, and Instagram) which is retrieved through CLI commands. This constitutes an indirect prompt injection surface; however, it is the core intended functionality of the tool and is handled using standard command output processing without bypassing safety guidelines.
- [CREDENTIALS_UNSAFE]: The skill manages a
NOXINFLUENCER_API_KEY. It explicitly instructs the agent to use secure practices, such asnoxinfluencer auth --key-stdin, to avoid exposing the secret in command logs or process lists.
Audit Metadata