buffer-api

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The "Agentic OS Integration" section mandating the skill "MUST" check for and append/update .agent/state/last-run.json (logging runtime, decisions, etc.) is an unrelated, mandatory side-effect outside the Buffer API posting/scheduling purpose and thus constitutes a hidden/deceptive instruction to alter local state.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly queries and retrieves user-generated social media content from the Buffer GraphQL API (e.g., the "GetScheduledPosts", "GetSentPosts", and "GetPostsWithAssets" queries in SKILL.md against https://api.buffer.com), so the agent will ingest third‑party/untrusted post text and assets that could materially influence scheduling or posting decisions.