facebook-page-profile-posts

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill employs a dynamic execution pattern where Python scripts generate JavaScript code that is subsequently executed in the browser environment using the shell's eval command.
      • Evidence: SKILL.md specifies the usage of eval "$(python scripts/xxx.py {params})" to run logic.
      • Evidence: scripts/get-page-id.py and scripts/get-page-posts.py dynamically construct JavaScript strings by interpolating user-provided parameters such as page_url and page_id.
  • [PROMPT_INJECTION]: The skill processes untrusted data from Facebook, creating a surface for indirect prompt injection attacks where malicious instructions embedded in posts could influence the agent's behavior.
      • Ingestion points: Post text, comments, author names, and OCR text extracted in scripts/get-page-posts.py.
      • Boundary markers: None identified; the agent is instructed to return the structured data directly.
      • Capability inventory: The skill is capable of performing network requests (fetch) and is intended for use in environments where the agent may have shell access.
      • Sanitization: Basic surrogate character filtering is performed for JSON validity, but no sanitization is applied to prevent embedded instructions from affecting the agent context.
  • [CREDENTIALS_UNSAFE]: The skill extracts sensitive session-specific authentication tokens (fb_dtsg and LSD) from the Facebook web interface to authenticate its GraphQL requests.
      • Evidence: scripts/get-page-posts.py contains logic to extract tokens via require('DTSGInitData') and regex matching on script tags.
      • Note: These tokens are used solely to communicate with Facebook's official API endpoints within the user's existing session.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 13, 2026, 04:39 AM
Security Audit — agent-trust-hub — facebook-page-profile-posts