social-creative-builder
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted external content such as articles, scraped pages, and analytics exports. While it contains defensive instructions to treat these as untrusted input and avoid letting them influence safety-critical decisions (e.g., approving product claims), the processing of untrusted data inherently creates an indirect prompt injection surface.
- [DATA_EXFILTRATION]: The skill uses connector scripts (
scripts/connectors/tavily.pyandscripts/connectors/bluesky.py) to perform web searches and interact with social media platforms. These activities involve sending data (e.g., search queries) to external, well-known services (Tavily, Bluesky). - [COMMAND_EXECUTION]: The skill references the use of Python scripts within the project (
scripts/connectors/) to perform specialized tasks. These are local project scripts rather than arbitrary remote code.
Audit Metadata