facebook-page-posts
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions promote the use of `eval "$(python scripts/get-page-posts.py '{page_id}' ...)"`. This pattern is susceptible to shell command injection: `{page_id}` is substituted textually into the command line before the bash tool parses it, so a value containing a single quote closes the quoted argument, and any shell metacharacters that follow (backticks, `$(...)` subshell expansions, `;`) are executed on the system running the bash tool. The other parameters spliced into the same command line carry the same risk.
- [PROMPT_INJECTION]: The skill ingests untrusted text from Facebook posts without boundary markers or sanitization instructions, which creates a surface for indirect prompt injection (Category 8): an attacker could craft a Facebook post that, when scraped, delivers instructions to the agent. Because the skill's capability inventory includes shell execution and network operations, a successful injection has correspondingly high impact.
- [CREDENTIALS_UNSAFE]: The scraping scripts programmatically extract the `fb_dtsg` and `lsd` tokens from the user's active Facebook session via `require('DTSGInitData')` and by parsing page scripts. These are high-privilege session tokens used for CSRF protection and authentication. While extracting them is necessary for the scraping task, handling them in cleartext risks credential exposure if logs or session data are compromised.
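The COMMAND_EXECUTION finding in worked form. This is an added example, not the skill's own code: `scripts/get-page-posts.py` is stood in for by a shell function `fake_get_page_posts` that prints a single shell assignment the way a script meant to be `eval`'d would, and the allow-list of page id characters in `safe_fetch` is an assumption about what a page id or vanity name contains. `vulnerable_fetch` reproduces the template substitution described above (textual splice, then the whole line handed to the shell); `safe_fetch` shows the fix.

```shell
#!/bin/sh
# Added example, not the skill's own code. The python script is replaced by
# fake_get_page_posts (assumption); the crafted page id is constructed.

# Stand-in for `python scripts/get-page-posts.py "$1"`: prints one shell
# assignment, as a script designed to be eval'd would.
fake_get_page_posts() {
  printf 'PAGE_ID=%s\n' "$1"
}

# Constructed attacker-controlled page id. The single quote closes the quoted
# argument in the command template and the remainder is parsed as shell. The
# injected command is a harmless echo here; it could be anything.
INJECTED_PAGE_ID="123'; echo INJECTED=1; echo '"

# The pattern from the skill instructions. The agent substitutes {page_id}
# textually into the template and hands the resulting line to the bash tool;
# string concatenation followed by eval models that hand-off.
vulnerable_fetch() {
  page_id=$1
  cmd="eval \"\$(fake_get_page_posts '${page_id}')\""
  eval "$cmd"
}

# Hardened form: refuse ids outside a strict allow-list (assumed character
# set), pass the id as one argv element so the shell never re-parses it, and
# consume the script's stdout as data, one line at a time, instead of eval'ing.
safe_fetch() {
  page_id=$1
  case "$page_id" in
    ""|*[!A-Za-z0-9._-]*)
      printf 'refusing page id: unexpected characters\n' >&2
      return 1 ;;
  esac
  fake_get_page_posts "$page_id" | while IFS= read -r line; do
    printf 'got: %s\n' "$line"
  done
}

# Demo: a normal id behaves the same through both paths ...
vulnerable_fetch nasa
printf 'vulnerable PAGE_ID=%s\n' "$PAGE_ID"
safe_fetch nasa

# ... but the crafted id runs its embedded command through the vulnerable
# path (INJECTED becomes 1) and is refused by the hardened one.
INJECTED=0
vulnerable_fetch "$INJECTED_PAGE_ID"
printf 'vulnerable INJECTED=%s\n' "$INJECTED"
safe_fetch "$INJECTED_PAGE_ID" || printf 'safe_fetch refused the crafted id\n'
```

The allow-list is the check the agent cannot be trusted to perform itself, since the injection happens before any shell code runs. Dropping the outer `eval` matters separately: once the script's stdout is data rather than code, whatever the script printed cannot become commands either.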
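For the CREDENTIALS_UNSAFE finding, the practical mitigation when the tokens cannot be avoided is to keep them out of anything persisted. The filter below is an added example, not the skill's code: it masks the value following `fb_dtsg` or `lsd` in the two shapes those fields usually take on the wire (form-encoded `key=value` and JSON `"key":"value"`) while leaving the key name so a log line stays diagnosable. The sample log lines and token values are constructed.

```shell
#!/bin/sh
# Added example, not the skill's own code. Field names are the ones named in
# the finding; the log lines and token values below are constructed.

SAMPLE_LOG='POST /api/graphql/ fb_dtsg=AQHZabc123:1700000000&lsd=XyZ987&variables=%7B%7D
{"fb_dtsg":"AQHZabc123:1700000000","lsd":"XyZ987","doc_id":"12345"}
GET /nasa/ HTTP/1.1 200'

# Filter for stdin, to sit in front of any log writer. Matches fb_dtsg or lsd
# as key=value or "key":"value", keeps the key, masks the value. The leading
# group requires a non-identifier character (or line start) before the key so
# that names merely containing "lsd" are not touched.
redact_fb_tokens() {
  sed -E 's/(^|[^A-Za-z0-9_])(fb_dtsg|lsd)("?[[:space:]]*[=:][[:space:]]*"?)[^&"[:space:]]+/\1\2\3[REDACTED]/g'
}

# Returns the redacted sample on stdout.
redacted_sample() {
  printf '%s\n' "$SAMPLE_LOG" | redact_fb_tokens
}

redacted_sample
```

Run the filter on the write side (`... | redact_fb_tokens >> scraper.log`) rather than on a log that already exists, since the aim is that the cleartext token never reaches disk in the first place.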
Audit Metadata