skills/aradotso/marketing-skills/whatsapp-instagram-tiktok-mass-sender-marketing/Gen Agent Trust Hub
whatsapp-instagram-tiktok-mass-sender-marketing
Fail
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to obtain and use scripts from unverified external locations, specifically referencing Google Sites URLs (
https://sites.google.com/view/facebook-script-custom/andhttps://sites.google.com/view/instagram-keyword-hashtag-lead/). These are not official or trusted software distribution platforms and may host malicious or abusive content. - [DATA_EXFILTRATION]: The skill provides logic and instructions for scraping private or semi-private user data from social media platforms, including follower lists and phone numbers extracted from bios. This data is then used for automated targeting and messaging campaigns.
- [CREDENTIALS_UNSAFE]: The system is designed to manage and utilize sensitive account credentials (usernames and passwords) for Instagram, TikTok, and WhatsApp. It relies on environment variables for these secrets, which increases the risk of credential exposure in shared or insecure execution environments.
- [COMMAND_EXECUTION]: The skill encourages the use of automated account management and 'matrix marketing' scripts that perform high-volume actions like mass DMing and automated commenting. Such activities are frequently associated with spam, phishing, and platform abuse.
Recommendations
- AI detected serious security threats
Audit Metadata