Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH | PROMPT_INJECTION | NO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk surface for adversarial control via external platform data.
  - Ingestion points: Untrusted data enters the context via 'List recent comments' and 'Hashtag research' features defined in SKILL.md.
  - Boundary markers: Absent. There are no instructions or delimiters defined to prevent the agent from obeying instructions embedded in retrieved comments.
  - Capability inventory: The skill possesses side-effect capabilities including 'Post content', 'Manage stories', and 'Comment management' (as seen in SKILL.md).
  - Sanitization: Absent. No sanitization or filtering logic is provided for external content.
- No Code (LOW): The analyzed skill contains only documentation and metadata. While the metadata specifies requirements for system binaries (curl, jq), the absence of scripts prevents a full security audit of the actual implementation logic.
Recommendations
- AI detected serious security threats
Audit Metadata