facebook-page-profile-posts
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill employs a dynamic execution pattern where Python scripts generate JavaScript code that is subsequently executed in the browser environment using the shell's eval command.
- Evidence: SKILL.md specifies the usage of
eval "$(python scripts/xxx.py {params})"to run logic. - Evidence: scripts/get-page-id.py and scripts/get-page-posts.py dynamically construct JavaScript strings by interpolating user-provided parameters such as page_url and page_id.
- [PROMPT_INJECTION]: The skill processes untrusted data from Facebook, creating a surface for indirect prompt injection attacks where malicious instructions embedded in posts could influence the agent's behavior.
- Ingestion points: Post text, comments, author names, and OCR text extracted in scripts/get-page-posts.py.
- Boundary markers: None identified; the agent is instructed to return the structured data directly.
- Capability inventory: The skill is capable of performing network requests (fetch) and is intended for use in environments where the agent may have shell access.
- Sanitization: Basic surrogate character filtering is performed for JSON validity, but no sanitization is applied to prevent embedded instructions from affecting the agent context.
- [CREDENTIALS_UNSAFE]: The skill extracts sensitive session-specific authentication tokens (fb_dtsg and LSD) from the Facebook web interface to authenticate its GraphQL requests.
- Evidence: scripts/get-page-posts.py contains logic to extract tokens via
require('DTSGInitData')and regex matching on script tags. - Note: These tokens are used solely to communicate with Facebook's official API endpoints within the user's existing session.
Audit Metadata