Skills
skills/postplusai/postplus-skills/facebook-research/Gen Agent Trust Hub

facebook-research

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs executes the yt-dlp tool via python3 to download video content. This is used to fulfill the skill's purpose of media collection.
  • [DATA_EXFILTRATION]: The skill manages and reads configuration data, including session tokens, from the PostPlus CLI configuration directory (e.g., ~/.config/postplus/config.json on Linux) to authenticate requests to its hosted collection API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from public Facebook pages, groups, and posts.
  • Ingestion points: Raw content from Facebook posts, profile titles, and descriptions are collected and stored in .postplus/facebook-research/ (e.g., raw/facebook.json).
  • Boundary markers: The instructions in SKILL.md do not specify boundary markers or 'ignore' instructions for the agent when processing the results of the research.
  • Capability inventory: The skill has the capability to execute subprocesses (via yt-dlp), perform network operations to PostPlus APIs, and write files to the local filesystem.
  • Sanitization: The normalization scripts (internal/public-content/scripts/normalize_public_posts.mjs) extract data fields but do not perform sanitization or filtering to prevent embedded instructions from influencing the agent's behavior during summary generation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 8, 2026, 06:37 AM