facebook-groups-scrape-posts

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill uses a Python script (scripts/scrape-posts.py) to generate a JavaScript payload which is subsequently executed via the browser-act eval tool. This allows the skill to perform complex browser interactions and direct API calls using the current session context.
  • [DATA_EXPOSURE]: To facilitate authenticated requests, the logic programmatically harvests sensitive session data from the browser, including the c_user cookie and internal Facebook JavaScript objects such as DTSGInitialData and LSD (CSRF tokens). This access is used to perform GraphQL requests directly against Facebook's internal endpoints.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted content from Facebook group posts without using boundary markers or sanitization, potentially allowing malicious instructions in post bodies to influence the agent's context.
  • Ingestion points: Facebook DOM and GraphQL responses processed in scripts/scrape-posts.py.
  • Boundary markers: None present in the instructions or scripts.
  • Capability inventory: browser-act navigate, browser-act eval, and shell-based script execution defined in SKILL.md.
  • Sanitization: Input arguments are serialized via json.dumps, but no validation, escaping, or filtering is applied to the retrieved post metadata content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — facebook-groups-scrape-posts