Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- SAFE: The skill consists entirely of markdown documentation and metadata files. There are no executable scripts, binaries, or automated installers included.
- CREDENTIALS_UNSAFE (SAFE): While the documentation correctly identifies that a Facebook App ID and Secret are required for operation, it does not include any hardcoded credentials. It explicitly provides security notes advising against logging tokens or secrets.
- NO_CODE: The skill serves as a reference guide for an AI agent to understand API structures and does not provide any active code that could be exploited or perform unauthorized actions.
- INDIRECT_PROMPT_INJECTION (LOW): The skill describes workflows for interacting with external data (Facebook comments and posts). This represents an attack surface for indirect prompt injection if an agent processes this data at runtime. However, the documentation includes moderation and validation guidance to mitigate these risks.
Audit Metadata