social-gen
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the use of `npx ai-social`, which triggers the download of the `ai-social` package from the public npm registry at runtime.
- [REMOTE_CODE_EXECUTION]: By utilizing `npx`, the skill executes code from a remote source that is not part of the trusted organization list. This allows for the execution of arbitrary logic contained within the external package.
- [COMMAND_EXECUTION]: The skill documentation encourages the execution of shell commands using user-supplied file paths as arguments. This could lead to unintended command execution if the agent does not strictly validate the input file names or paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from local files (e.g., `README.md`) to generate social media content using an LLM.
  - Ingestion points: Processes content from arbitrary markdown or text files provided as command-line arguments.
  - Boundary markers: No delimited sections or instructions are provided to the agent to ignore potentially malicious content within the source files.
  - Capability inventory: The skill reads local file content, executes shell commands via `npx`, and requires an `OPENAI_API_KEY` environment variable for external API calls.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the input file content before it is processed by the external tool.
Audit Metadata