social-push-skill
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local bash scripts from the scripts/ directory to automate interactions with social media platforms.
- [COMMAND_EXECUTION]: The Self-evolution instructions direct the agent to analyze failed interactions and edit its own script files or workflow definitions to correct them, creating a risk of persistent malicious logic modification if manipulated.
- [COMMAND_EXECUTION]: Uses system utilities such as pbcopy and cat to manage article content and access local files.
- [COMMAND_EXECUTION]: Configures the browser automation tool to utilize a persistent profile at /tmp/agent-profile, which stores session and authentication data on the local filesystem.
- [EXTERNAL_DOWNLOADS]: Connects to external social media sites including weibo.com, mp.weixin.qq.com, and creator.xiaohongshu.com to perform publishing tasks.
- [PROMPT_INJECTION]: Susceptible to indirect prompt injection through the processing of untrusted content from user-provided files or input strings.
  1. Ingestion points: File paths and content parameters passed to automation scripts like xiaohongshu-article.sh.
  2. Boundary markers: No delimiters or instruction-override protections are used when handling external content.
  3. Capability inventory: Ability to execute shell scripts, modify local files, and run arbitrary JavaScript via agent-browser eval.
  4. Sanitization: Content is passed directly to the browser and system clipboard without validation or sanitization.