post-bridge
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate tool for social media automation. No malicious code, obfuscation, or unauthorized access patterns were detected.
- [COMMAND_EXECUTION]: The skill uses a Node.js script (
./scripts/post-bridge.js) to handle API requests and media uploads. This script is self-contained and does not perform any arbitrary command execution or system-level modifications. - [EXTERNAL_DOWNLOADS]: Network requests are directed to the official API domain
api.post-bridge.com. The skill also performs file uploads to dynamically generated URLs provided by the vendor's API, which is standard functionality for media management. - [CREDENTIALS_UNSAFE]: The skill requires a
POST_BRIDGE_API_KEY. It provides a setup command to store the key in local or global configuration files (~/.config/post-bridge/config.json) and supports environment variables. This approach is standard for developer-oriented CLI tools and does not involve hardcoding secrets in the source code. - [PROMPT_INJECTION]: The skill includes guidelines for automation to prevent unintended behavior. While it processes external data from the API and user-provided captions (representing a standard indirect injection surface), the risk is mitigated by the skill's design and the vendor's instructions for agents to confirm irreversible actions.
Audit Metadata