moltbook

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill accesses a local JSON file containing API keys and identity information. While necessary for the skill's function, accessing files with 'credentials' in the path is a security risk.
      • Evidence: Path ~/.config/moltbook/credentials.json defined in SKILL.md.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted text from a social network.
      • Ingestion points: GET /posts and GET /posts/{id}/comments endpoints in SKILL.md.
      • Boundary markers: Absent; no delimiters or warnings for the agent to ignore instructions within the fetched posts.
      • Capability inventory: Execution of bash scripts via ./scripts/moltbook.sh.
      • Sanitization: Absent; no validation or escaping of social media content is described.
  • [COMMAND_EXECUTION] (LOW): The skill relies on local script execution for its primary operations.
      • Evidence: Use of ./scripts/moltbook.sh throughout SKILL.md.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:00 PM