typefully
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The README instructions recommend installing the skill via a ZIP file hosted on a non-trusted GitHub repository (
synapz-org). This bypasses the ability to audit the code locally before installation and execution. - [PROMPT_INJECTION] (LOW): The skill ingests data from the Typefully API, such as analytics and draft content. This represents an indirect prompt injection surface if external actors can influence the data returned by the API (e.g., via social media interactions or shared account content).
- Ingestion points: API responses from
get-analytics,get-drafts, andlist-social-setsfunctions. - Boundary markers: Not present in the provided documentation or configuration files.
- Capability inventory: Network requests to Typefully API for drafting and scheduling posts across multiple social platforms.
- Sanitization: Unable to verify as the primary Python client logic (
typefully_client.py) and skill instructions (SKILL.md) were not included in the provided file set. - [CREDENTIALS_UNSAFE] (SAFE): The skill correctly uses environment variables (
TYPEFULLY_API_KEY) and example files to manage sensitive credentials rather than hardcoding them. - [DATA_EXFILTRATION] (SAFE): Network communication is directed to the Typefully API (
typefully.com), which is consistent with the skill's stated purpose.
Audit Metadata