Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill performs network operations by interacting with the `refly.ai` domain through CLI commands and browser redirection. This domain is not on the predefined trusted whitelist.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted input via the `post_content` parameter which is then transmitted to a social media platform. This presents an indirect prompt injection surface if the agent populates this field with data from external sources.
  - Ingestion points: `post_content` variable in `SKILL.md`.
  - Boundary markers: None (input is passed as a raw string within a JSON object).
  - Capability inventory: Social media posting, media sharing, and workflow automation on Facebook via the `refly` CLI.
  - Sanitization: No sanitization or escaping of the input content is defined within the skill's instructions.
Audit Metadata