facebook-page
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts 'x_digest_collect.js' and 'x_digest_to_fb.js' utilize 'execFileSync' to run an external, non-standard binary named 'bird'. This binary is not provided by the skill or listed as a standard dependency, posing a risk if the binary is untrusted or the system environment is compromised.
- [DATA_EXFILTRATION]: The skill requires sensitive Twitter session cookies ('AUTH_TOKEN' and 'CT0') to be provided in the environment. While intended for authentication with the 'bird' CLI, these credentials grant full account access and represent a high-value target for theft.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface by fetching untrusted data from X and publishing it to a Facebook Page. 1. Ingestion points: Tweet text is ingested via the 'bird' command in 'scripts/x_digest_to_fb.js'. 2. Boundary markers: Absent; untrusted tweet content is concatenated directly into the post caption. 3. Capability inventory: The skill has 'execFileSync' for command execution, 'fs.writeFileSync' for file access, and 'fetch' for network operations. 4. Sanitization: Absent; no sanitization or filtering of malicious instructions within the fetched tweet text is performed before posting.
Audit Metadata