social-media-finder-skill
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The Python script makes network requests to api.browser-act.com to process social media searches. These requests are directed to the vendor's official API infrastructure.
- [CREDENTIALS_UNSAFE]: Sensitive information is managed through the BROWSERACT_API_KEY environment variable. The skill correctly instructs users on how to provide this key and does not contain hardcoded secrets.
- [COMMAND_EXECUTION]: The skill uses a Python script to orchestrate the search workflow. Input parameters are passed safely, and no unauthorized system commands or privilege escalation attempts were identified.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external input. 1. Ingestion point: 'People_Name' variable in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Network requests in scripts/social_media_finder.py. 4. Sanitization: Absent.
Audit Metadata