facebook-page-posts

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions promote the use of eval "$(python scripts/get-page-posts.py '{page_id}' ...)". This pattern is susceptible to shell command injection. If the {page_id} or other parameters contain single quotes or shell metacharacters (such as backticks or subshell expansions), an attacker could execute arbitrary commands on the system running the bash tool.
  • [PROMPT_INJECTION]: The skill ingests untrusted text data from Facebook posts. It lacks boundary markers or sanitization instructions, creating a surface for indirect prompt injection (Category 8). An attacker could craft a Facebook post that, when scraped, provides malicious instructions to the agent. Capability inventory includes shell execution and network operations, increasing the potential impact of such an injection.
  • [CREDENTIALS_UNSAFE]: The scraping scripts programmatically extract the fb_dtsg and lsd tokens from the user's active Facebook session via require('DTSGInitData') and script parsing. These are high-privilege session tokens used for CSRF protection and authentication. While necessary for the scraping task, extracting and processing these tokens in cleartext poses a risk of credential exposure if logs or session data are compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 04:39 AM