prompt-preflight-qa

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a prompt validation utility and does not contain any malicious patterns such as obfuscation, persistence mechanisms, or privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill includes a shared script (_postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs) that utilizes the yt-dlp module to download media from external URLs. This is a standard functional component for the vendor's video processing workflows.
  • [COMMAND_EXECUTION]: The skill employs node:child_process to spawn python3 for executing the yt-dlp module. This execution is scoped to the retrieval of media assets defined in manifest files.
  • [CREDENTIALS_UNSAFE]: The shared runtime includes logic for managing vendor-specific session tokens and interacting with the PostPlus cloud API. These credentials are resolved from standard local configuration paths (e.g., ~/.config/postplus/config.json) using secure practices without hardcoding secrets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 06:37 AM