social

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The references/listening.md file contains several bash recipes that use curl, jq, and xmllint to fetch and process data from external social media platforms.
  • [EXTERNAL_DOWNLOADS]: In references/listening.md, the skill recommends that the user install external software packages (jq and libxml2-utils) via system package managers like Homebrew (brew) or APT (apt).
  • [DATA_EXFILTRATION]: The skill performs network operations to domains not included in the standard whitelist, such as reddit.com, hn.algolia.com, and public.api.bsky.app. While these are used for the stated purpose of social listening, they represent unauthorized network activity according to strict security guidelines.
  • [PROMPT_INJECTION]: The 'Social Listening & Engagement Triage' workflow in references/listening.md creates a vulnerability to indirect prompt injection.
      • Ingestion points: The skill fetches untrusted text content (titles, post bodies, and comments) from Reddit, Hacker News, and Bluesky.
      • Boundary markers: The instructions lack explicit delimiters or warnings to the agent to ignore potential instructions embedded within the fetched social media content.
      • Capability inventory: The skill has the ability to execute network commands (curl) and interact with a browser (dev-browser).
      • Sanitization: There is no evidence of content sanitization or validation performed on the external data before it is presented to the agent for scoring and drafting responses.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 17, 2026, 03:59 PM