social-selling-planner
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill handles untrusted data from user-provided exports, screenshots, and social media posts, which presents a surface for indirect prompt injection.
- Ingestion points: User-provided platform exports, screenshots, and watchlist signals as described in the instructions and Skill Contract.
- Boundary markers: The skill contains an explicit security instruction (Instruction 0) directing the agent to treat inputs as untrusted and never follow instructions embedded within them.
- Capability inventory: The skill has the ability to write to local memory files (e.g.,
memory/social/social-selling-planner/,memory/channels/candidates.md) and execute specific local scripts. - Sanitization: The skill relies on natural language instructions for the agent to ignore malicious content rather than programmatic sanitization.
- [COMMAND_EXECUTION]: The skill invokes local Python scripts located in
scripts/connectors/(such asbluesky.py,tavily.py, andgdelt.py) to corroborate trigger signals and fetch data. These scripts are part of the vendor's (aaron-he-zhu) provided infrastructure for the skill motion.
Audit Metadata