Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses bash -c to interpolate environment variables into curl commands. This is a documented workaround for tool-specific limitations and is considered safe in this context.
- [DATA_EXFILTRATION] (LOW): The skill makes network requests to graph.facebook.com. While this domain is not on the standard whitelist, it is the legitimate endpoint for the skill's primary purpose.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data (Instagram captions). 1. Ingestion points: API responses from graph.facebook.com (e.g., caption fields). 2. Boundary markers: None present in the command examples. 3. Capability inventory: curl (read/write). 4. Sanitization: None implemented in the provided shell snippets.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets or API keys were detected; the skill properly utilizes vm0_secrets for sensitive tokens.
Audit Metadata