social-selling-planner

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill handles untrusted data from user-provided exports, screenshots, and social media posts, which presents a surface for indirect prompt injection.
  • Ingestion points: User-provided platform exports, screenshots, and watchlist signals as described in the instructions and Skill Contract.
  • Boundary markers: The skill contains an explicit security instruction (Instruction 0) directing the agent to treat inputs as untrusted and never follow instructions embedded within them.
  • Capability inventory: The skill has the ability to write to local memory files (e.g., memory/social/social-selling-planner/, memory/channels/candidates.md) and execute specific local scripts.
  • Sanitization: The skill relies on natural language instructions for the agent to ignore malicious content rather than programmatic sanitization.
  • [COMMAND_EXECUTION]: The skill invokes local Python scripts located in scripts/connectors/ (such as bluesky.py, tavily.py, and gdelt.py) to corroborate trigger signals and fetch data. These scripts are part of the vendor's (aaron-he-zhu) provided infrastructure for the skill motion.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 03:38 PM
Security Audit — agent-trust-hub — social-selling-planner