threads-post
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration and documentation reference external endpoints at mcp.publora.com and api.publora.com. These are the official service endpoints for the skill core functionality.
- [COMMAND_EXECUTION]: The documentation includes curl command examples for interacting with the REST API directly. These examples use placeholders for API keys and represent intended usage for developer testing.
- [PROMPT_INJECTION]: The skill processes user-supplied text via the create_post tool to publish content on a public social media platform, creating an indirect prompt injection surface. Evidence: 1. Ingestion Point: content parameter in create_post tool. 2. Boundary Markers: None explicitly defined. 3. Capability Inventory: Capability to write and publish content to external social media platforms. 4. Sanitization: No specific sanitization or filtering logic is mentioned in the skill instructions.
Audit Metadata